5f69b0667976ftar.dll

Status: finished
Submission Time: 2020-09-22 10:16:17 +02:00
Detection: Malicious
Classification: E-Banking Trojan, Trojan, Ursnif

Details

  • Analysis ID: 288485
  • API (Web) ID: 472100
  • Analysis Started: 2020-09-22 10:16:18 +02:00
  • Analysis Finished: 2020-09-22 10:24:11 +02:00
  • MD5: b3174c5e64fa5ba368a5b66c234c92a7
  • SHA1: 1769658f4e98144b07af62fee907540cbe56e3ac
  • SHA256: 7b8c91665d7a96b5f38a4bb8b81796ec80df1c281c65da378c4df82912671e25
  • Technologies: Joe Sandbox

Engine

  • Detection: malicious
  • Score: 64
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Domains

  • microsoftwindows.112.2o7.net (15.236.175.233)
  • www.microsoftstore.com (0.0.0.0)
  • assets.onestore.ms (0.0.0.0)
  • mem.gfx.ms (0.0.0.0)

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4pkvE[1].png
    PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE1Mu3b[1].png
    PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE4FfQ0[1].jpg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1600x600, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE4pndL[1].png
    PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE4rriw[1].png
    PNG image data, 40 x 40, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE4sQDc[1].png
    PNG image data, 40 x 40, 2-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cartcount[1].htm
    HTML document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-3.3.1.min[1].js
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\meversion[1].js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1x1clear[1].gif
    GIF image data, version 89a, 1 x 1
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\twitter[1].png
    PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4pxBu[1].png
    PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\a4-539297[1].js
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ab-985138[1].js
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\e3-082b89[1].js
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\social[1].js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\~DF2DB21D697E3B291C.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF5E2FF32DCAD771D4.TMP
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4tj4A[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AEEBE08E-FCF7-11EA-90E8-ECF4BBEA1588}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\67-bf2297[1].css
    UTF-8 Unicode (with BOM) text, with very long lines
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4CFyx[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4DfTp[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4pSiu[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4rvYV[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4rzs9[1].wdp
    JPEG-XR
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AEEBE08C-FCF7-11EA-90E8-ECF4BBEA1588}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mwfmdl2-v3.54[1].woff
    Web Open Font Format, TrueType, length 26288, version 0.0
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\facebook[1].png
    PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\fr-ch[1].htm
    HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\instagram[1].png
    PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\linkedin[1].png
    PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mscc-0.4.2.min[1].css
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mscc-0.4.2.min[1].js
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\social[1].css
    UTF-8 Unicode text, with very long lines