
555.exe

Status: finished
Submission Time: 2022-03-22 23:50:33 +01:00
Malicious
Trojan
Spyware
Evader
Oski Stealer Vidar

Comments

Tags

  • ArkeiStealer
  • exe
  • Vidar

Details

  • Analysis ID:
    594633
  • API (Web) ID:
    962156
  • Analysis Started:
    2022-03-22 23:51:33 +01:00
  • Analysis Finished:
    2022-03-23 00:12:18 +01:00
  • MD5:
    ed37ebbe1746dd0d566c8c4769655e0b
  • SHA1:
    0a559ebf6ab1cdf292c79aac5ac20c236d975eb7
  • SHA256:
    b4c9aadd18c1b6f613bf9d6db71dcc010bbdfe8b770b4084eeb7d5c77d95f180
  • Technologies:

Joe Sandbox

Engine Detection Info
  • malicious
    Score: 96
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • malicious
    Score: 88
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

  • malicious
    Score: 50/70
  • malicious
    Score: 16/39
  • malicious
    Score: 22/28
  • malicious

Domains

Name IP Detection
  • dersed.com
    IP: 0.0.0.0

URLs


Dropped files

Name File Type Hashes Detection
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_555.exe_73a2317c9b18c06fb4572ea77cd525ee3f28dbd_69550887_1ab655c1\Report.wer
    File Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D28.tmp.dmp
    File Type: Mini DuMP crash report, 14 streams, Tue Mar 22 22:53:11 2022, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER497D.tmp.WERInternalMetadata.xml
    File Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E21.tmp.xml
    File Type: XML 1.0 document, ASCII text, with CRLF line terminators