
cX0XLcXbVY.exe

Status: finished
Submission Time: 2021-11-25 13:41:19 +01:00
Malicious
Trojan
Evader
Ursnif

Tags

  • BABADEDA-Crypter
  • exe
  • Gozi
  • Ursnif

Details

  • Analysis ID:
    528551
  • API (Web) ID:
    896072
  • Analysis Started:
    2021-11-25 13:48:37 +01:00
  • Analysis Finished:
    2021-11-25 14:00:32 +01:00
  • MD5:
    df01095f6f0a0cd339c373d8b7865dca
  • SHA1:
    5b26c23addf1bcd6c76edb8c69bf562398c78c0f
  • SHA256:
    e203345d8120bd6d29e667bbceb92083ebb55e36b21cd22d669aa2f91830a656
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 32/68
malicious
Score: 8/35
malicious
Score: 17/45
malicious

Domains

Name                        IP
get.updates.avast.cn        0.0.0.0
windowsupdate.s.llnwi.net   178.79.225.0

URLs

Name
http://mybusinesscatalog.com0
http://www.openssl.org/support/faq.html
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
https://www.nuget.org/packages/Azure.Security.KeyVault.Certificates
https://currencysystem.com/gfx/pub/script-button-88x31.gif
http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
https://currencysystem.com/gfx/pub/script-icon-16x16.png
https://www.nuget.org/packages/Azure.Security.KeyVault.Secrets
https://www.thawte.com/cps0/
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
https://www.thawte.com/repository0W
http://www.MyBusinessCatalog.com
https://sectigo.com/CPS0D
http://aia.startssl.com/certs/ca.crt02
http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI
http://www.startssl.com/policy.pdf0
https://www.advancedinstaller.com
https://secure.comodo.com/CPS0L
http://www.startssl.com/0
https://currencysystem.com/gfx/pub/script-button-88x31.png
http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHhttp://apache.org/xml/messages/XML
https://currencysystem.com
https://www.nuget.org/packages/Azure.Security.KeyVault.Keys
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
http://ocsp.startssl.com/sub/class2/code/ca0
http://crl.startssl.com/sfsca.crl0C
https://sectigo.com/CPS0
http://apache.org/xml/UnknownNSUCS4UCS-4UCS_4UTF-32ISO-10646-UCS-4UCS-4
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://ocsp.sectigo.com0
http://www.openssl.org/V
http://www.unicode.org/copyright.html
https://currencysystem.com/gfx/pub/script-icon-16x16.gif
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
http://www.gesmes.org/xml/2002-08-01
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
https://get.updates.avast.cn/sreamble/1yYwg5JPV/TTMEh_2Bvq0Lam2KQ1N6/CbCST3fFsNMsZldokdK/BsvHxVUlWny
http://ocsp.startssl.com/ca00
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
https://aka.ms/azsdkvalueprop.
http://crl.startssl.com/crtc2-crl.crl0
http://www.ecb.int/vocabulary/2002-08-01/eurofxref
http://icu-project.org

Dropped files

Name
  File Type
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\lcms-5.0.dll
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\plcd-player.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI1B39.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI1C63.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI19E0.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI18B7.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\MSI1625.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Windows\Installer\6d1078.msi
  Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ssleay32.dll
  PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ml
  PDF document, version 1.5
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\libeay32.dll
  PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\lcms-5.0.dll
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\icuio58.dll
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\help.chm
  MS Windows HtmlHelp Data
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\ecb-eurofxref-daily.xml
  XML 1.0 document, ASCII text
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.json
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.js
  ASCII text, with CRLF line terminators
C:\Windows\Temp\~DF29FCC9B92D77BE3B.TMP
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DFE5281F7FD6AD28FC.TMP
  data
C:\Windows\Temp\~DFE3A12F753B6DF60A.TMP
  data
C:\Windows\Temp\~DFE2B3F890C2847334.TMP
  data
C:\Windows\Temp\~DFE2B1E8DF6554FB0C.TMP
  data
C:\Windows\Temp\~DFD101180A721B4488.TMP
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF90B01D9AECEE62B1.TMP
  data
C:\Windows\Temp\~DF695855CAC8EBE79A.TMP
  data
C:\Windows\Temp\~DF3BEB6360732AA108.TMP
  data
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\System.Threading.Tasks.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Windows\Temp\~DF27B2AFB986F9142A.TMP
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF1F5F9B148223842F.TMP
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Temp\~DF03A651B7767309F9.TMP
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
  UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Windows\Installer\inprogressinstallinfo.ipi
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Installer\SourceHash{4A523951-0A2F-4D65-A31E-BB22D0CE0CF4}
  Composite Document File V2 Document, Cannot read section info
C:\Windows\Installer\MSI51CD.tmp
  data
C:\Windows\Installer\MSI1D9D.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Delimon.Win32.IO.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.json
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.js
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem4.js
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\System.Threading.Tasks.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\SslCertBinding.Net.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Microsoft.Azure.KeyVault.Core.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\License.txt
  Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ICSharpCode.SharpZipLib.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\ecb-eurofxref-daily.xml
  XML 1.0 document, ASCII text
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\CrashRpt License.txt
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\AWSSDK.SimpleDB.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\shi7A5E.tmp
  PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\MSI7F13.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\MSI7C24.tmp
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  data
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  Microsoft Cabinet archive data, 61414 bytes, 1 file
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\holder0.aiph
  data
C:\Config.Msi\6d107a.rbs
  data
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\SslCertBinding.Net.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Microsoft.Azure.KeyVault.Core.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\License.txt
  Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ICSharpCode.SharpZipLib.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Delimon.Win32.IO.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\CrashRpt License.txt
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\AWSSDK.SimpleDB.dll
  PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem4.js
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\decoder.dll
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ssleay32.dll
  PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ml
  PDF document, version 1.5
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\libeay32.dll
  PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\icuio58.dll
  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\help.chm
  MS Windows HtmlHelp Data
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\adv.msi
  Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)