flash

60e40fb428612.dll

Status: finished
Submission Time: 06.07.2021 10:12:25
Malicious
Trojan
Ursnif

Comments

Tags

  • dll
  • enel
  • geo
  • gozi
  • isfb
  • ita
  • ursnif

Details

  • Analysis ID:
    444548
  • API (Web) ID:
    812137
  • Analysis Started:
    06.07.2021 10:12:25
  • Analysis Finished:
    06.07.2021 10:21:13
  • MD5:
    c6bfea479b46b9eb7a69667e0165179f
  • SHA1:
    c7f449ab51a47791a8f3041f0a0dce7c6feb06c4
  • SHA256:
    62dbfe723197430a3af1ec9262fcd2a5c2bfc8e81b97c313101f0a5388d587fc
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 68/100

IPs

IP             Country        Detection
40.101.18.18   United States
40.97.116.82   United States
52.97.201.18   United States

Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F4ECD44-DE7D-11EB-90E4-ECF4BB862DED}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F4ECD46-DE7D-11EB-90E4-ECF4BB862DED}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\~DF1C465EC4A4AE6446.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFC3C25805150DF731.TMP
    data