lj3H69Z3Io.dll

Status: finished

Submission Time: 2021-07-12 11:32:03 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
447090
API (Web) ID:
814680
Analysis Started:

2021-07-12 11:34:57 +02:00
Analysis Finished:

2021-07-12 12:00:32 +02:00
MD5:
0bb29556ece1c51c751cb4e7c8752ddc
SHA1:
324cc356a56c68e51f09348e91405001e68e4a08
SHA256:
af1b052362469a67fcd871558b24efa2be44a4b29f88112e5c2d2295a1dc4252
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 48	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

Open Full Report

malicious

Score: 28/67

malicious

Score: 9/29

IPs

IP	Country	Detection
167.172.38.18	United States

Domains

Name	IP	Detection
gtr.antoinfer.com	167.172.38.18

URLs

Name	Detection
http://gtr.antoinfer.com/favicon.ico
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd/bp1e8aV2PI_2/FY5oP4oo0f6/GeARX2_2FlA_2F/2BhurwBe_2BrsQ1B1bUK7/wilinEmmYIdaZ6lz/71Mw33QzoCtr9s9/ULFilVIFcIxUDJIsEo/crrSiFkaK/6sQSCYti3ETwug18IBlk/b94MQVqQ698rgMibrOo/RMBVkg8AFrK4uT2Dq6pO06/OdceZPFn8QQWz/SARUSfJd/dirYBJB3Uuu4IivFAYs9FmV/Pmcsy6YvBv/Lcgiqf1bUTKnYCeNL/dikDMv66Bty/6H
Click to see the 12 hidden entries
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd
http://gtr.antoinfer.com/Pl9Eori10/TWROVDxUXG0e5P8cvyge/ZU2BrrTT9UbiVqqjDG4/pcVLHkjQ_2FTIEKMeI9p0c/u
http://gtr.antoinfer.com/4khtvsQ0u/_2Bibxls4V27IXxwFbLo/MVAeZiN_2BcOXrnrV8V/qJdJNxZ6Bgv5NEeycuU5RT/x
http://nuget.org/NuGet.exe
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://github.com/Pester/Pester

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\a[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\Documents\20210712\PowerShell_transcript.992547.S0FaV4MQ.20210712115054.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DFBCEA36BA3DC5EC74.TMP	data	#
Click to see the 16 hidden entries
C:\Users\user\AppData\Local\Temp\~DFA4D21E6A958BB9F9.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7A8FA428499FD9A8.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF5A692A62F2D75F35.TMP	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a5sxjpc1.1lo.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4pzye43c.itc.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\SgPLk[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_8e10347d3010a05cec57e2a7338104047e76f62_82810a17_01564e18\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\6H[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52036-E342-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52034-E342-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52032-E342-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{08A52030-E342-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3840.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3457.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A24.tmp.dmp	Mini DuMP crash report, 14 streams, Mon Jul 12 18:49:35 2021, 0x1205a4 type	#

lj3H69Z3Io.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

lj3H69Z3Io.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

lj3H69Z3Io.dll