top title background image
flash

gsG7jGFk3I.dll

Status: finished
Submission Time: 2021-04-19 23:31:57 +02:00
Malicious
E-Banking Trojan
Trojan
Evader
Dridex Dropper

Comments

Tags

  • 40111
  • Dridex

Details

  • Analysis ID:
    392878
  • API (Web) ID:
    687859
  • Analysis Started:
    2021-04-19 23:32:00 +02:00
  • Analysis Finished:
    2021-04-19 23:48:58 +02:00
  • MD5:
    e8675c9ab1bb95547b902176997e37a1
  • SHA1:
    c088263ed0a68c8b9ffb092d41a53603ae25e69b
  • SHA256:
    6934bf4b117408db966b2c8afc1adde7e8bbb2063b7a284727e44a28a6769bea
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

IPs

IP Country Detection
159.203.93.122
United States
50.116.27.97
United States
94.247.168.64
Sweden

URLs

Name Detection
http://ansicon.adoxa.vze.com/6

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_eac5c5ff6135a0fa57fda95e87d917a4681d1_160cf2be_11c400b1\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECBB.tmp.dmp
Mini DuMP crash report, 15 streams, Tue Apr 20 06:33:30 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4FA.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAD7.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#