flash

1c8.dll

Status: finished
Submission Time: 14.07.2021 15:45:17
Malicious
Trojan
Ursnif

Comments

Tags

  • dll
  • gozi

Details

  • Analysis ID:
    448651
  • API (Web) ID:
    816240
  • Analysis Started:
    14.07.2021 15:45:17
  • Analysis Finished:
    14.07.2021 15:55:14
  • MD5:
    1c87b3ebc5ddf8f53e585b3cf8f74f47
  • SHA1:
    4579705a3e0e8b644fcf30d4c79456b0e4f669b8
  • SHA256:
    f2dfc3562e150ca045557559269c3c21531bb85292864109fd2ceca4fe0f1ea9
  • Technologies:
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict     Score
malicious   80/100
malicious   9/35
malicious   17/28

IPs

IP              Country         Detection
40.97.128.194   United States
52.97.232.194   United States
52.97.232.210   United States
52.97.201.226   United States

Domains

Name                          IP              Detection
outlook.com                   40.97.128.194
ZRH-efz.ms-acdc.office.com    52.97.232.194
www.outlook.com               0.0.0.0
outlook.office365.com         0.0.0.0

URLs

Name Detection
https://outlook.office365.com/grower/IGPiFOK9TunC/gPtC5_2F4YG/ZzNVH5SYgNPO4r/Psx6BaSL6yLcaujEgpw7P/t
https://outlook.office365.com/grower/iSa3U_2FCrZy/TdWTQggM2F_/2F4Qd7iLvOzuNw/Q11HFiIe_2BP9wOCf9bSc/9
http://outlook.com/grower/IGPiFOK9TunC/gPtC5_2F4YG/ZzNVH5SYgNPO4r/Psx6BaSL6yLcaujEgpw7P/tYMT5RnKSeCB9jBg/3iH6euhlA_2FGYG/rhrfnjjJUD3Y1TDXr8/g3m2c4nF8/bM6OTpEkWKHOq9wInEON/2HRIvyEq85fMK7VnDSk/ESY1C1z2RWNeT9llxDcxvu/GKJMCp_2FJD6L/hm1dCsQj.grow
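The three URLs above are the sample's beacon requests. As an added example (editor's code, not Joe Sandbox's and not the malware's), the Python below reassembles the base64 blob that Ursnif/ISFB hides in such paths: the bot base64-encodes its encrypted request, replaces "+", "/" and "=" with "_2B", "_2F" and "_3D", and then scatters slashes through the string, so individual path segments carry no meaning on their own. It assumes that the leading "grower" segment and the ".grow" extension are fixed per-campaign affixes rather than payload, and the hunting regex is tuned to this page's URLs, not a vendor signature. The two URLs embedded as sample input are copied from this report; the first of them is truncated on the page, which the decoder handles.

```python
import base64
import re
from urllib.parse import urlparse

# ISFB substitutes the three non-URL-safe base64 characters before chopping
# the string into path segments with randomly inserted slashes.
SUBSTITUTIONS = {"_2B": "+", "_2F": "/", "_3D": "="}

# Hunting regex (assumption: tuned to the URLs on this page, not a vendor
# signature): a path of four or more segments drawn from the base64 alphabet
# plus "_", optionally ending in a short decoy extension.
GOZI_URI_RE = re.compile(r"^/[A-Za-z0-9_]+(?:/[A-Za-z0-9_]+){3,}(?:\.[a-z]{2,5})?$")

# Sample input copied from this report (the first URL is truncated on the page).
URL_TRUNCATED = (
    "https://outlook.office365.com/grower/IGPiFOK9TunC/gPtC5_2F4YG/"
    "ZzNVH5SYgNPO4r/Psx6BaSL6yLcaujEgpw7P/t"
)
URL_FULL = (
    "http://outlook.com/grower/IGPiFOK9TunC/gPtC5_2F4YG/ZzNVH5SYgNPO4r/"
    "Psx6BaSL6yLcaujEgpw7P/tYMT5RnKSeCB9jBg/3iH6euhlA_2FGYG/rhrfnjjJUD3Y1TDXr8/"
    "g3m2c4nF8/bM6OTpEkWKHOq9wInEON/2HRIvyEq85fMK7VnDSk/ESY1C1z2RWNeT9llxDcxvu/"
    "GKJMCp_2FJD6L/hm1dCsQj.grow"
)


def looks_like_gozi_uri(url: str) -> bool:
    """Structural match plus at least one escape token in the path."""
    path = urlparse(url).path
    return bool(GOZI_URI_RE.match(path)) and any(tok in path for tok in SUBSTITUTIONS)


def reassemble_b64(url: str) -> str:
    """Undo the slash insertion and the character substitutions.

    Join first, substitute second: because slashes are inserted at random
    offsets, a token such as "_2F" may itself be split across two segments.
    """
    segments = [s for s in urlparse(url).path.split("/") if s]
    # Assumption: the first segment ("grower" here) is a campaign prefix, and
    # the last segment carries a decoy extension (".grow" here).
    segments = segments[1:]
    if segments:
        segments[-1] = segments[-1].rsplit(".", 1)[0]
    joined = "".join(segments)
    for tok, ch in SUBSTITUTIONS.items():
        joined = joined.replace(tok, ch)
    return joined


def decode_payload(url: str) -> bytes:
    """Base64-decode the reassembled blob, tolerating a truncated URL."""
    b64 = reassemble_b64(url)
    if len(b64) % 4 == 1:
        # A dangling single character can never be valid base64: drop it.
        b64 = b64[:-1]
    b64 += "=" * (-len(b64) % 4)
    return base64.b64decode(b64)


if __name__ == "__main__":
    for url in (URL_TRUNCATED, URL_FULL):
        blob = decode_payload(url)
        print(looks_like_gozi_uri(url), len(reassemble_b64(url)), len(blob), blob[:8].hex())
```

Run against the third URL on this page, the reassembled string is exactly 192 base64 characters (144 bytes) with no padding needed; a whole number of groups only falls out if "grower" and ".grow" are excluded, which supports treating them as affixes. The decoded bytes are still ciphertext (ISFB-family builds encrypt this blob before encoding it), so reading the request needs the key from the sample's configuration, which this report does not show. Note also that outlook.com and outlook.office365.com resolve to Microsoft's own address ranges; the IPs listed above are not actionable indicators by themselves, the path pattern is the useful one.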

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A0F511A-E4AA-11EB-90EB-ECF4BBEA1588}.dat
    File Type: Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A0F511C-E4AA-11EB-90EB-ECF4BBEA1588}.dat
    File Type: Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A0F511E-E4AA-11EB-90EB-ECF4BBEA1588}.dat
    File Type: Microsoft Word Document
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    File Type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\~DF34CE60BF8360E948.TMP
    File Type: data
  • C:\Users\user\AppData\Local\Temp\~DF4099CF7A12250C28.TMP
    File Type: data
  • C:\Users\user\AppData\Local\Temp\~DF547E5E23E7DFF857.TMP
    File Type: data