
945.dll

Status: finished
Submission Time: 2021-07-14 15:45:12 +02:00
Malicious
Trojan
Ursnif

Tags

  • dll
  • gozi

Details

  • Analysis ID:
    448650
  • API (Web) ID:
    816239
  • Analysis Started:
    2021-07-14 15:45:12 +02:00
  • Analysis Finished:
    2021-07-14 15:54:40 +02:00
  • MD5:
    9453981ab8e71981bea907b3f2d11395
  • SHA1:
    ca0f69ef71bf287bdd19a8a9811c1f0dd2ff50e6
  • SHA256:
    fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70
Engine: Joe Sandbox
Detection: malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious, Score: 9/35
Detection: malicious, Score: 17/29

IPs


Domains


URLs


Dropped files

Name (File Type)

  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7370D51F-E4F5-11EB-90E4-ECF4BB862DED}.dat (Microsoft Word Document)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D521-E4F5-11EB-90E4-ECF4BB862DED}.dat (Microsoft Word Document)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D523-E4F5-11EB-90E4-ECF4BB862DED}.dat (Microsoft Word Document)
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log (ASCII text, with CRLF line terminators)
  • C:\Users\user\AppData\Local\Temp\~DF08C928D5E36F5DDB.TMP (data)
  • C:\Users\user\AppData\Local\Temp\~DF64A2AAB8E5E3DF4B.TMP (data)
  • C:\Users\user\AppData\Local\Temp\~DFEA5774EEA628D538.TMP (data)