top title background image
flash

citadel_1.2.0.0.exe

Status: finished
Submission Time: 2020-07-19 20:44:31 +02:00
Malicious

Comments

Tags

  • citadel
  • ZeuS

Details

  • Analysis ID:
    247168
  • API (Web) ID:
    389985
  • Analysis Started:
    2020-07-19 23:01:41 +02:00
  • Analysis Finished:
    2020-07-19 23:16:04 +02:00
  • MD5:
    b2325969f4c2db6350b279b5f255e0c8
  • SHA1:
    dad6a70eee64ce5d8cc2f7ebc6bb444a6337fc3f
  • SHA256:
    989d34e7e12df031098bc9898451e765b2a79c9af7416ea9906f81e95755cc20
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 60
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 60
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 64/71
malicious
Score: 31/39
malicious
Score: 36/40
malicious

IPs

IP Country Detection
1.2.0.0
China

URLs

Name Detection
http://crl.microsoftZ3i2r
http://crl.microsoftZ3

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_citadel_1.2.0.0._3cd0723e7122e477dc0ffe3c5d0e53541c37162_28470148_0d63b57f\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA32F.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Jul 20 06:03:26 2020, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA812.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB9D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#