p2SijKiqgZ.dll

Status: finished
Submission Time: 2021-09-27 20:02:55 +02:00
Malicious
Trojan
Evader
CobaltStrike Metasploit Squirrelwaffle

Tags

  • dll
  • Squirrelwaffle

Details

  • Analysis ID: 491706
  • API (Web) ID: 859263
  • Analysis Started: 2021-09-27 20:24:46 +02:00
  • Analysis Finished: 2021-09-27 20:35:13 +02:00
  • MD5: 803768a34f7e59b8a9a2f3969624c47e
  • SHA1: 09a38940ef023929897fdc9c996de0b0f39116e2
  • SHA256: 2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 7/45
malicious

IPs


Domains


URLs


Dropped files
