
oQDQSpA55K.exe

Status: finished
Submission Time: 2024-04-15 02:36:06 +02:00
Malicious
Trojan
Evader
DCRat

Tags

  • exe

Details

  • Analysis ID:
    1425890
  • API (Web) ID:
    1425890
  • Original Filename:
    2384855ef566166e75c9ff240764b204.exe
  • Analysis Started:
    2024-04-15 02:36:07 +02:00
  • Analysis Finished:
    2024-04-15 02:59:28 +02:00
  • MD5:
    2384855ef566166e75c9ff240764b204
  • SHA1:
    c526437c83271c8b61533894b5eaaa693ab09295
  • SHA256:
    2ec983b4653f6a5ee028e9ecfa37d8cf2404a10e9691bb8ed39023be643ef55e
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Detection: malicious, Score: 76
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious, Score: 78
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

  • malicious, Score: 48/72
  • malicious, Score: 29/36
  • malicious

IPs

  • 128.116.116.3 (United States)

Domains

  • us-central-origin-px.roblox.com: 128.116.116.3
  • ecsv2.roblox.com: 0.0.0.0
  • client-telemetry.roblox.com: 0.0.0.0
  • clientsettingscdn.roblox.com: 0.0.0.0

URLs


Dropped files

  • C:\Bridgemonitordlldhcp\LzevzXFun.vbe
    data
  • C:\Bridgemonitordlldhcp\RuntimeBroker.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Bridgemonitordlldhcp\msRuntime.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Bridgemonitordlldhcp\services.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\RuntimeBroker.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\SearchApp.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\Roblox\lmQlnikwdaOsBZrChlXoncrrcNn.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\Windows Mail\lmQlnikwdaOsBZrChlXoncrrcNn.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files\7-Zip\Lang\RuntimeBroker.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files\Mozilla Firefox\uninstall\winlogon.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\ProgramData\lmQlnikwdaOsBZrChlXoncrrcNn.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Recovery\SearchApp.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\LYWOi1SGaf.bat
    DOS batch file, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\youtube.com
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Windows\Fonts\dllhost.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows