cVZ5IwmAMe.dll

Status: finished
Submission Time: 2022-10-20 14:19:06 +02:00
Malicious
Trojan
Evader
Ursnif

Tags

  • dll
  • gozi
  • isfb
  • pw758493
  • ursnif

Details

  • Analysis ID:
    726756
  • API (Web) ID:
    1094126
  • Analysis Started:
    2022-10-20 14:19:06 +02:00
  • Analysis Finished:
    2022-10-20 14:29:23 +02:00
  • MD5:
    17ddc738604a040176b85c80173c5090
  • SHA1:
    75db1976ccc16912d4f1d4fc68b8c8975ad39ac4
  • SHA256:
    4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict / Score

  • malicious, 100/100
  • malicious, 34/71
  • malicious, 18/40

IPs

  • 62.173.145.183 (Russian Federation)
  • 31.41.44.194 (Russian Federation)

Domains

  • l-0007.l-dc-msedge.net (13.107.43.16)
  • linetwork.top (62.173.145.183)
  • onlinetwork.top (31.41.44.194)

URLs

  • http://onlinetwork.top/
  • http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs
  • http://onlinetwork.top/drew/5f_2BEDtM2CrlBj8hi85/PfpslRV80x6hEReBBsC/BgCJ3i1tejkKUVj0skPC_2/FG_2BjUb
  • http://onlinetwork.top/drew/K_2FqA2xbKL/njlOSx6YZxCsC1/NFhl_2FKNwee1I_2FsyQo/3lkzkmpLRl6mAh0d/8NioTP
  • http://linetwork.top/drew/KMMjqoTxziRlJvE/gNQPrvUPxqLNufKLCE/JH3UmHEB_/2B_2BzV_2BvfObx2f9w0/DgM6KzpzkFa0_2B2dRV/pBB0_2FnhSh3B1HrWQggbl/6yr_2BeHM7RhP/EQBdRd5n/WMFWEYQbNncplyS1nZxHquO/Dl0_2FZlCi/H7jS5UTDOVVAj0e_2/BP38A8joa9MI/uVE_2Fo3ECW/1FFJSef9MuZGr_/2B9LknlvHMlh3p6lHoAOu/HpoF5RbVarHLswoW/XhjcRNsVFN_2Faq/1QC22OwanscYLqlevC/p97ADQM6AS8_2FJi/nn82n.jlk
  • http://linetwork.top/
  • http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs/iuv6_2F2R2q/VU2O6EJ3EhI5uh/A5C2wRpZF_2FN6Skwj1uH/gsVRqmZs2mqIGO1d/sKRhOCfSSp3MAva/Mxxm2nqzKORinrbeZ3/z67oAItgn/k8VHFWexyUU_2FA_2BPV/QdcdTsvdt_2BKefM9G5/mT6M3zVj_2BfxHgfvoM1Vv/marhfTTPZdwKD/8RgEG4oq/f5httb_2BKiNQuEoUj_2FU4/qo0ljR4FNC0/5q1FSK.jlk
  • http://linetwork.top/drew/09dgKs_2BbGAUCZtNDfinAe/OBR2Fkwyls/rLfOzEm8taaEOpdgP/DGmX0HEH0YWb/9UgQCY1OoBP/16pWsh4Cy9rMRa/0naMTlH4D0jWSBvaLUMCT/VzfvlLpo6FHUtlJQ/DtpBc7vmn8rOS4k/xe3M0wkxCK5Om9Qsrc/Fu1mpdzkb/E5_2FW9vtCbCxhM8q_2F/YFJvu0mL313E60i9bem/o9T05qm4K45Pkaydjzo9gZ/BS0FXjQKsPhWn/z4GNxY84/_2FhBQGZQz4I6Dv77YbEnq5/_2FeodcjVbE87q/b67.jlk

Dropped files

  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_cca756cf3ca542105b493949e775f8b1db5ee_fe4ae974_158939b6\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_dc7d771a9db219da0c9c31413fa668d5ca41a6_fe4ae974_05552e4d\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER264E.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Oct 20 21:20:17 2022, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER27E5.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER28A1.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER33DA.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Oct 20 21:20:21 2022, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER3572.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER363E.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators