SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll

Status: finished
Submission Time: 2022-11-30 00:32:06 +01:00
Malicious
Trojan
Evader
Luca Stealer

Tags

  • exe

Details

  • Analysis ID:
    756307
  • API (Web) ID:
    1123583
  • Analysis Started:
    2022-11-30 00:32:06 +01:00
  • Analysis Finished:
    2022-11-30 00:48:08 +01:00
  • MD5:
    977f29431f9233f22f51b3d27e8abc28
  • SHA1:
    7999931d13db79b25e8660065fbbe5288dc04d7e
  • SHA256:
    b875add23dbf8b2942af53c0610c779c4263dacdf69186a3d4c9c09c3ebebdbe
  • Technologies:
Verdict

  • System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Verdict: clean (score 2/100)
  • System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Run Condition: Run with higher sleep bypass
    Verdict: malicious (score 52/100)

IPs

  • IP: 191.252.51.12
    Country: Brazil

Domains

  • Name: anydesk10.hospedagemdesites.ws
    IP: 191.252.51.12

URLs

Name Detection

Dropped files

Name File Type Hashes Detection