flash

945.dll

Status: finished
Submission Time: 14.07.2021 15:45:12
Malicious
Trojan
Ursnif

Comments

Tags

  • dll
  • gozi

Details

  • Analysis ID:
    448650
  • API (Web) ID:
    816239
  • Analysis Started:
    14.07.2021 15:45:12
  • Analysis Finished:
    14.07.2021 15:54:40
  • MD5:
    9453981ab8e71981bea907b3f2d11395
  • SHA1:
    ca0f69ef71bf287bdd19a8a9811c1f0dd2ff50e6
  • SHA256:
    fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
80/100

malicious
9/35

malicious
17/29

IPs

IP Country Detection
52.97.201.242
United States
40.97.128.194
United States
52.97.232.194
United States
Click to see the 3 hidden entries
52.97.186.114
United States
52.98.168.178
United States
40.97.116.82
United States

Domains

Name IP Detection
vuredosite.club
37.120.222.6
hw-cdn.trafficjunky.net
0.0.0.0
www.outlook.com
0.0.0.0
Click to see the 27 hidden entries
ei.rdtcdn.com
0.0.0.0
di-ph.rdtcdn.com
0.0.0.0
v.vfgte.com
0.0.0.0
stivers-ricsovers.com
3.65.154.208
adpmbtj.com
192.99.16.134
ZRH-efz.ms-acdc.office.com
52.97.201.242
stats.l.doubleclick.net
74.125.128.154
redtube.com
66.254.114.238
vip0x055.ssl.rncdn5.com
205.185.208.85
vip0x04f.ssl.rncdn5.com
205.185.208.79
hubtraffic.com
66.254.114.32
outlook.com
40.97.116.82
ei-ph.rdtcdn.com.sds.rncdn7.com
64.210.135.68
ei.rdtcdn.com.sds.rncdn7.com
64.210.135.70
ads.trafficjunky.net
66.254.114.38
www.google.ch
172.217.168.3
vip0x08e.ssl.rncdn5.com
205.185.208.142
static.trafficjunky.com
0.0.0.0
www.adpmbtj.com
0.0.0.0
s2.static.cfgr3.com
0.0.0.0
www.redtube.com
0.0.0.0
di.rdtcdn.com
0.0.0.0
ei-ph.rdtcdn.com
0.0.0.0
cdn1d-static-shared.phncdn.com
0.0.0.0
outlook.office365.com
0.0.0.0
stats.g.doubleclick.net
0.0.0.0
ht.redtube.com
0.0.0.0

URLs

Name Detection
https://outlook.office365.com/grower/XdjQoGbnNj_2FSimi4F/g1n0hL2Ovi8UAiji8IT8vO/AZ50N9cBD7ouh/W9Stcu
https://www.redtube.com/
https://outlook.office365.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7
Click to see the 1 hidden entries
http://outlook.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7zv/NA3IFZsX5L82cDak57at8n5/D4Cfgi7tVz/ry3I5zo4IJ_2BIobC/5nWwD7akwp5A/XzqLAJr21mH/cjfkiJFlq9y77G/1bzeLjs6zco1VtNrrz8EL/tJlbiHzqPNR1Mami/EAf48einPLf/Q.grow

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7370D51F-E4F5-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D521-E4F5-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D523-E4F5-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
Click to see the 4 hidden entries
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF08C928D5E36F5DDB.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF64A2AAB8E5E3DF4B.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFEA5774EEA628D538.TMP
data
#