top title background image
flash

pzG0rkIchr.dll

Status: finished
Submission Time: 2022-11-24 05:18:08 +01:00
Malicious
Trojan
Evader
Ursnif

Comments

Tags

  • exe
  • LDR4

Details

  • Analysis ID:
    752975
  • API (Web) ID:
    1120258
  • Analysis Started:
    2022-11-24 05:18:08 +01:00
  • Analysis Finished:
    2022-11-24 05:40:56 +01:00
  • MD5:
    d6ef4778f7dc9c31a0a2a989ef42d2fd
  • SHA1:
    5dad8394ef37d5a006674589754f7a3187d303b1
  • SHA256:
    54de1f2c26a63a8f6b7f8d5de99f8ebd4093959ab07f027db1985d0652258736
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 40/70
malicious
Score: 19/26
malicious

IPs

IP Country Detection
185.250.148.35
Russian Federation

Domains

Name IP Detection
gigimas.xyz
185.250.148.35

URLs

Name Detection
https://gigimas.xyz/index.html
https://gigimas.xyz:443/index.html
https://gigimas.xyz:443/index.htmlY_
Click to see the 17 hidden entries
https://gigimas.xyz/
https://gigimas.xyz/index.htmlm
https://gigimas.xyzhttps://reaso.xyz
https://gigimas.xyz/index.htmlT
https://gigimas.xyz
https://gigimas.xyz/index.html5F
https://gigimas.xyz/index.html9Pu/Jl
https://http://Mozilla/5.0
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
http://ocsp.sectigo.com0
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
https://sectigo.com/CPS0
https://reaso.xyz
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_206411b7d18c8b51ef308e99261d801f59953bc0_4f0e5919_15ebd55f\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_738eef979a666465c6051ddd5fef4b7e70c91a_4f0e5919_15905d59\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER148A.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
Click to see the 5 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BBF.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC66.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Nov 24 13:31:29 2022, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF55.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD021.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC43.tmp.dmp
Mini DuMP crash report, 15 streams, Thu Nov 24 13:31:09 2022, 0x1205a4 type
#