top title background image
flash

presentation.dll

Status: finished
Submission Time: 2021-05-05 12:47:06 +02:00
Malicious
Trojan
Ursnif

Comments

Tags

  • gozi

Details

  • Analysis ID:
    404837
  • API (Web) ID:
    711827
  • Analysis Started:
    2021-05-05 12:50:17 +02:00
  • Analysis Finished:
    2021-05-05 12:58:39 +02:00
  • MD5:
    9debcd929765390555ca123c0076eea4
  • SHA1:
    d0c68d1d874a877dbbbce1fea0bb164c6bdad642
  • SHA256:
    9969cfd81612d1efbc5e983b57ff2fa2a69a3f6a6812c6da8382bf0c22014cf4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
34.86.224.8
United States

Domains

Name IP Detection
app.buboleinov.com
34.86.224.8

URLs

Name Detection
http://app.buboleinov.com/bMm8AkF4K_2F_2FveRzR2f/nYi0xtk5xaARe/_2F_2Fyn/MhC_2BrW8ZBR5d6Ebe1q1AA/_2FU

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93F744B1-ADDB-11EB-90E6-ECF4BB82F7E0}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93F744B3-ADDB-11EB-90E6-ECF4BB82F7E0}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bullet[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http_404[1]
HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\info_48[1]
PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\background_gradient[1]
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF615A7858A33FDD4B.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFE183529A9C549E1C.TMP
data
#