o4c8AUtX1g.exe

Status: finished

Submission Time: 2021-10-25 11:38:30 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
508575
API (Web) ID:
876146
Analysis Started:

2021-10-25 11:39:45 +02:00
Analysis Finished:

2021-10-25 11:51:05 +02:00
MD5:
c7db399951b19ea446599dc3800a3111
SHA1:
b01352206ec1935a1123d7d4ea8394647e6b3d00
SHA256:
ceba6a7f9a2c25a35090470c6209aefed808786c47194a18415a7898390c20cb
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 69	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	clean 0/100

Third Party Analysis Engines

malicious

Score: 13/45

Domains

Name	IP	Detection
get.updates.avast.cn	0.0.0.0

URLs

Name	Detection
https://sectigo.com/CPS0D
http://www.openssl.org/support/faq.html
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Click to see the 43 hidden entries
https://www.nuget.org/packages/Azure.Security.KeyVault.Certificates
https://currencysystem.com/gfx/pub/script-button-88x31.gif
http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
https://currencysystem.com/gfx/pub/script-icon-16x16.png
https://www.nuget.org/packages/Azure.Security.KeyVault.Secrets
https://www.thawte.com/cps0/
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
https://www.thawte.com/repository0W
http://mybusinesscatalog.com0
http://www.MyBusinessCatalog.com
http://aia.startssl.com/certs/ca.crt02
http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI
http://www.startssl.com/policy.pdf0
https://www.advancedinstaller.com
https://secure.comodo.com/CPS0L
http://www.startssl.com/0
https://currencysystem.com/gfx/pub/script-button-88x31.png
http://.jpg
http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHhttp://apache.org/xml/messages/XML
https://currencysystem.com
https://www.nuget.org/packages/Azure.Security.KeyVault.Keys
http://html4/loose.dtd
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
http://ocsp.startssl.com/sub/class2/code/ca0
http://crl.startssl.com/sfsca.crl0C
https://sectigo.com/CPS0
http://apache.org/xml/UnknownNSUCS4UCS-4UCS_4UTF-32ISO-10646-UCS-4UCS-4
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://ocsp.sectigo.com0
http://www.openssl.org/V
http://www.unicode.org/copyright.html
https://currencysystem.com/gfx/pub/script-icon-16x16.gif
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
http://www.gesmes.org/xml/2002-08-01
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
http://ocsp.startssl.com/ca00
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://.css
https://aka.ms/azsdkvalueprop.
http://crl.startssl.com/crtc2-crl.crl0
http://ocsp.sectigo.com0)
http://www.ecb.int/vocabulary/2002-08-01/eurofxref
http://icu-project.org

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\lcms-5.0.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\CrashRpt License.txt	ASCII text, with CRLF line terminators	#
Click to see the 52 hidden entries
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Delimon.Win32.IO.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ICSharpCode.SharpZipLib.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\License.txt	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Microsoft.Azure.KeyVault.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\SslCertBinding.Net.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\System.Threading.Tasks.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem4.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\ecb-eurofxref-daily.xml	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\help.chm	MS Windows HtmlHelp Data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\icuio58.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\AWSSDK.SimpleDB.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\libeay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ml	PDF document, version 1.5	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ssleay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Windows\Installer\440bbd.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)	#
C:\Windows\Installer\MSI11D7.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI1488.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI15F0.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI16EB.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI1815.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI193F.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI3F85.tmp	data	#
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem4.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 61157 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\Local\Temp\MSI76CC.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MSI79F9.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\shi7515.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\AWSSDK.SimpleDB.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\CrashRpt License.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Delimon.Win32.IO.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ICSharpCode.SharpZipLib.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\License.txt	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Microsoft.Azure.KeyVault.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\SslCertBinding.Net.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\System.Threading.Tasks.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Config.Msi\440bbf.rbs	data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\ecb-eurofxref-daily.xml	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\adv.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\help.chm	MS Windows HtmlHelp Data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\icuio58.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\lcms-5.0.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\libeay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ml	PDF document, version 1.5	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\plcd-player.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ssleay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\decoder.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#

o4c8AUtX1g.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

o4c8AUtX1g.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

Search started

o4c8AUtX1g.exe