60e40fb428612.dll

Status: finished

Submission Time: 2021-07-06 10:12:25 +02:00

Malicious

Trojan

Ursnif

Comments

Details

Analysis ID:
444548
API (Web) ID:
812137
Analysis Started:

2021-07-06 10:12:25 +02:00
Analysis Finished:

2021-07-06 10:21:13 +02:00
MD5:
c6bfea479b46b9eb7a69667e0165179f
SHA1:
c7f449ab51a47791a8f3041f0a0dce7c6feb06c4
SHA256:
62dbfe723197430a3af1ec9262fcd2a5c2bfc8e81b97c313101f0a5388d587fc
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
40.101.18.18	United States
40.97.116.82	United States
52.97.201.18	United States

Domains

Name	IP	Detection
vuredosite.club	37.120.222.6
FRA-efz.ms-acdc.office.com	40.101.18.18
ei.rdtcdn.com	0.0.0.0
Click to see the 21 hidden entries
www.outlook.com	0.0.0.0
hw-cdn.trafficjunky.net	0.0.0.0
ht.redtube.com	0.0.0.0
stats.g.doubleclick.net	0.0.0.0
outlook.office365.com	0.0.0.0
cdn1d-static-shared.phncdn.com	0.0.0.0
ci-ph.rdtcdn.com	0.0.0.0
www.redtube.com	0.0.0.0
static.trafficjunky.com	0.0.0.0
vip0x08e.ssl.rncdn5.com	205.185.208.142
www.google.de	142.250.201.195
ads.trafficjunky.net	66.254.114.38
ei.rdtcdn.com.sds.rncdn7.com	64.210.135.68
outlook.com	40.97.116.82
hubtraffic.com	66.254.114.32
vip0x04f.ssl.rncdn5.com	205.185.208.79
HHN-efz.ms-acdc.office.com	52.97.201.18
cs733.wpc.rncdn4.com	192.229.221.206
vip0x055.ssl.rncdn5.com	205.185.208.85
redtube.com	66.254.114.238
stats.l.doubleclick.net	142.250.102.155

URLs

Name	Detection
http://espanol.search.yahoo.com/
http://www.univision.com/
http://www.soso.com/
Click to see the 97 hidden entries
http://www.google.cz/
http://www.google.si/
http://searchresults.news.com.au/
http://search.nifty.com/
http://www.gmarket.co.kr/
http://search.ebay.com/
http://search.yahoo.co.jp/favicon.ico
http://openimage.interpark.com/interpark.ico
http://search.sify.com/
http://www.ozu.es/favicon.ico
http://search.ebay.it/
https://ei.rdtcdn.com/www-static/cdn_files/redtube/icons/favicon.png?v=855e9f26de79d21367b6ee4a42556
http://uk.search.yahoo.com/
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
https://www.redtube.com/favicon.ico
http://browse.guardian.co.uk/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://busca.buscape.com.br/favicon.ico
http://sads.myspace.com/
http://outlook.com/grower/v6VaX2L98iQ9vNPqP6I1/s7YQ5JAQQXN9djD_2BP/oxHIXx6SfkQXQHWk5gYign/kG_2FSXB9u
http://www.iask.com/
http://p.zhongsou.com/favicon.ico
https://www.redtube.com/18=q
http://search.centrum.cz/favicon.ico
http://www.myspace.com/favicon.ico
http://search.espn.go.com/
https://www.redtube.com/BbRR
http://search.ipop.co.kr/favicon.ico
http://search.interpark.com/
http://suche.freenet.de/favicon.ico
http://search.seznam.cz/favicon.ico
http://cgi.search.biglobe.ne.jp/
http://www.tesco.com/
http://www.amazon.de/
http://search.orange.co.uk/favicon.ico
http://buscador.terra.es/
http://www.target.com/
http://search.yahoo.co.jp
http://auto.search.msn.com/response.asp?MT=
http://www.twitter.com/
http://cnweb.search.live.com/results.aspx?q=
http://busca.orange.es/
http://www.asharqalawsat.com/
http://images.joins.com/ui_c/fvc_joins.ico
http://www.amazon.com/
http://asp.usatoday.com/
http://search.rediff.com/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://www.reddit.com/
https://www.redtube.com/
http://msk.afisha.ru/
http://%s.com
http://image.excite.co.jp/jp/favicon/lep.ico
http://search.ebay.in/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://in.search.yahoo.com/
http://rover.ebay.com
http://fr.search.yahoo.com/
http://www.ya.com/favicon.ico
http://www.sogou.com/favicon.ico
http://search.yahoo.com/favicon.ico
http://buscar.ya.com/
http://www3.fnac.com/favicon.ico
http://www.dailymail.co.uk/
http://www.nifty.com/favicon.ico
http://www.rambler.ru/
http://www.mtv.com/
http://search.ebay.de/
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://buscar.ozu.es/
http://www.ceneo.pl/
http://search.auction.co.kr/
http://www.google.it/
http://suche.t-online.de/
http://search.centrum.cz/
http://www.cjmall.com/
http://www.priceminister.com/favicon.ico
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://busca.igbusca.com.br/
http://search.about.com/
http://kr.search.yahoo.com/
http://search.chol.com/favicon.ico
http://www.clarin.com/favicon.ico
http://search.msn.co.jp/results.aspx?q=
http://search.naver.com/favicon.ico
http://search.daum.net/
http://www.abril.com.br/favicon.ico
http://cgi.search.biglobe.ne.jp/favicon.ico
http://search.hanafos.com/favicon.ico
http://www.google.ru/
http://search.naver.com/
http://it.search.dada.net/favicon.ico
http://www.etmall.com.tw/favicon.ico

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F4ECD44-DE7D-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F4ECD46-DE7D-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
Click to see the 11 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF1C465EC4A4AE6446.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFC3C25805150DF731.TMP	data	#

60e40fb428612.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

60e40fb428612.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

60e40fb428612.dll