oOo.dat.dll

Status: finished
Submission Time: 2023-05-31 18:33:06 +02:00
Malicious
Trojan
Evader
Qbot

Tags

  • dll

Details

  • Analysis ID:
    879316
  • API (Web) ID:
    1246296
  • Analysis Started:
    2023-05-31 18:33:06 +02:00
  • Analysis Finished:
    2023-05-31 18:45:45 +02:00
  • MD5:
    3207579c779ad8830e49e3de23f576a0
  • SHA1:
    7b36e469165782cac75d37e47be00062fb6145e0
  • SHA256:
    a1dd89ec488f16e541caf1aaf3f8d02e51080ba8694d48f5cb7d51adb4fd1800
  • Technologies:
    Joe Sandbox

Detection

  • Engine: Joe Sandbox
  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection

Domains

Name              IP             Detection
linkedin.com      13.107.42.14
www.linkedin.com  0.0.0.0

URLs

Name Detection

Dropped files

Name / File Type

  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER2103.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve.tmp
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\t5[1]
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ZUETP6CS.htm
    HTML document, Unicode text, UTF-8 text, with very long lines (540)
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FC8.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F98.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BAF.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Jun 1 01:34:14 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_2c3030496f403a8a1c519fd5cbcbf5af4791654_82810a17_08e33b40\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER20A4.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F6B.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Jun 1 01:34:10 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1952.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1933.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1903.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER18F4.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER16D0.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Jun 1 01:34:08 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER16A1.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Jun 1 01:34:08 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_34d063e1f8b4a0a973e2832d9ca94882ab2137_82810a17_1c0b3b4f\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_2c3030496f403a8a1c519fd5cbcbf5af4791654_82810a17_14433a94\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_2c3030496f403a8a1c519fd5cbcbf5af4791654_82810a17_0c4f3ab3\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators