batteryacid.dat.dll

Status: finished
Submission Time: 2023-06-06 23:39:06 +02:00
Malicious
Trojan
Evader
Qbot

Tags

  • dll

Details

  • Analysis ID: 882879
  • API (Web) ID: 1249863
  • Analysis Started: 2023-06-06 23:39:07 +02:00
  • Analysis Finished: 2023-06-06 23:51:38 +02:00
  • MD5: 179d4849f8d096122d05de3c7bebb4bd
  • SHA1: ee3ead69ec6801721cde4ca6480f30ecff948c08
  • SHA256: 2f6ae770a5d56ed8a2cfe262e196363b5c80e58468c66ff36cdf9c75306c2c55
  • Technologies:

Joe Sandbox

Engine Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 7/70

IPs

Domains

Name IP
irs.gov 152.216.7.110
www.irs.gov 0.0.0.0

URLs

Dropped files

Name and File Type

  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER34A.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\Windows\appcompat\Programs\Amcache.hve.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5NRH02A3.htm
    HTML document, Unicode text, UTF-8 text, with very long lines (26606)
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFEE.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERF59F.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERF56F.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3D8.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:07 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A9.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1771c62af96114fb83baec5ef424ae1819cb3650_82810a17_00d61356\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER270.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER212.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E4.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Jun 7 06:40:11 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A4.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7ec94696d4f5167a22d8d01ba83c94e0c28d4894_82810a17_1c121402\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_26a6cc57e4ced2c19f09ae278ade2876040a245_82810a17_1c1a1441\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1771c62af96114fb83baec5ef424ae1819cb3650_82810a17_1c6e13d3\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators