Register Login

sloganpng

top title background image

citadel_1.3.5.1.exe

Status: finished

Submission Time: 2020-07-19 21:24:40 +02:00

Malicious

Comments

Tags

Details

Analysis ID:
247261
API (Web) ID:
390159
Analysis Started:

2020-07-20 01:33:54 +02:00
Analysis Finished:

2020-07-20 01:47:26 +02:00
MD5:
8fdf36fb7f4935a272f7e6898b70bdc9
SHA1:
666cc7d3b58aba61a73c482605bf1f2a612bc7f7
SHA256:
85e8eb80abd37d60fe3c10fa22f9585ac1932b3a8079317f663b90191920b75b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 60	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 60	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

Open Full Report

malicious

Score: 60/70

Open Full Report

malicious

Score: 26/39

malicious

Score: 29/31

malicious

IPs

IP	Country	Detection
1.3.5.1	China

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_citadel_1.3.5.1._9d6d974120f162fefa2dadc19ea91ef7f859aeb0_a31faa49_0ac09172\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8434.tmp.dmp	Mini DuMP crash report, 14 streams, Mon Jul 20 08:35:06 2020, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8629.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
Click to see the 1 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER87DF.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#