7078612.dll

Status: finished
Submission Time: 2022-11-23 10:47:11 +01:00
Malicious
E-Banking Trojan
Trojan
Exploiter
Evader
Ursnif

Comments

Tags

  • dll
  • Ursnif

Details

  • Analysis ID:
    752294
  • API (Web) ID:
    1119576
  • Analysis Started:
    2022-11-23 10:53:38 +01:00
  • Analysis Finished:
    2022-11-23 11:06:31 +01:00
  • MD5:
    cba263871219062d981111b00cc131fc
  • SHA1:
    50e2c7caf7dd0f826bc6e814bd62fbb39982ceed
  • SHA256:
    65f687a5c0e757cd8e296f8b0453b27726e5017502e93dcb8379d59fe9c056a3
  • Technologies:
Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
18/90

malicious

IPs

IP               Country             Detection
31.41.44.51      Russian Federation
31.207.46.124    Netherlands
172.105.103.207  United States
62.173.149.9     Russian Federation

Domains

Name              IP               Detection
meganetwork.top   31.41.44.51
internetcoca.in   172.105.103.207
supernetwork.top  62.173.149.9

URLs


Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Temp\ogaysol0.cmdline
    Unicode text, UTF-8 (with BOM) text, with very long lines (356), with no line terminators
C:\Users\user\AppData\Local\Temp\bplkxjdz.cmdline
    Unicode text, UTF-8 (with BOM) text, with very long lines (356), with no line terminators
C:\Users\user\WhiteBook.lnk
    MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized
C:\Users\user\TestLocal.ps1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\ogaysol0.out
    Unicode text, UTF-8 (with BOM) text, with very long lines (435), with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\ogaysol0.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\ogaysol0.0.cs
    C++ source, Unicode text, UTF-8 (with BOM) text
C:\Users\user\AppData\Local\Temp\bplkxjdz.out
    Unicode text, UTF-8 (with BOM) text, with very long lines (435), with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\bplkxjdz.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
C:\Users\user\AppData\Local\Temp\bplkxjdz.0.cs
    C++ source, Unicode text, UTF-8 (with BOM) text
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qy1ixiuz.x3z.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jt23bwkp.2ng.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\RESF4AD.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Nov 23 18:57:25 2022, 1st section name ".debug$S"
C:\Users\user\AppData\Local\Temp\RESE9EF.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Nov 23 18:57:22 2022, 1st section name ".debug$S"
C:\Users\user\AppData\Local\Temp\CSCCB299674C9DE4DC69C5A44CA79DFE4B3.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\CSC256FD05AD86B46298536785867B2F65B.TMP
    MSVC .res
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data