
beneficial.dll

Status: finished
Submission Time: 2021-07-30 01:41:07 +02:00
Malicious
Trojan
Evader
Ursnif

Tags

  • dll

Details

  • Analysis ID:
    456598
  • API (Web) ID:
    824188
  • Analysis Started:
    2021-07-30 01:41:07 +02:00
  • Analysis Finished:
    2021-07-30 01:53:15 +02:00
  • MD5:
    631779ef3aecb4838360304f162dbd8c
  • SHA1:
    9103735e9771b40fb26b5b273683934dfea38402
  • SHA256:
    a4c7d46ab94add85adc74f9686c7367fd82eaae508b3e2227db8e62930fb3da0
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/89
malicious

IPs

IP              Country
185.228.233.17  Russian Federation

Domains

Name                    IP
gtr.antoinfer.com       185.228.233.17
app.flashgameo.at       185.228.233.17
resolver1.opendns.com   208.67.222.222

URLs

Name Detection
http://gtr.antoinfer.com/5QxR3u9Oxc2/66JuutLFo4_2BN/FYPvHdZdpqBBUlII8YbkV/HeRpg9bicXJHtfwV/D4QIfvz6kYooZLO/cw4gCcjcoRxS01qkn1/EW0Ez7bVC/W7k8iaBQuoYhbKZqLnrE/RbmpYueuIODfoh6oP2l/c8Ac2bwpliTaTSR56vdGwk/ZRQxemEpvF2A8/99lPQg9V/lwEJF2LaR_2FZsZYxJbXRUs/6u5PpA2s_2/FPyKVp1yfx9FnP4nW/L_2Fr3MO_2By/WnKnaVSLrhm/N0Y4cK91iRGQ0B/oWkJGcqoY10Xhf8Gg076m/Kf5Jj7Gzg1x_2BtG/X7PsvIId3dQ8Qbd/BbiLQ_2F/U
http://app.flashgameo.at/AaIOQUP2y/4dnIAMN75W41Bfts1fSz/M_2Fx5i8y8r51u0lG8k/Vow6wxsSIumTiRnzEaU_2F/CNqZZratbcUbt/LfJIE5RK/Qn2KT5OfSwybCTYBU60XzCf/sUfUuU3ny4/Nvm_2F3pWKviik2bT/GkHFCrtshckm/ulvNk97G1Hx/pXIQmYClmd4w2X/GUTmFeyxxN3C13bmMyAKU/NQgWhtBdSJ1Z_2Fo/_2B4Pdro50W_2FD/Bvoq_2B6Eukz15ckDu/b66LiH2F3/_2FbDHmG1_2BEazwEN73/RMWRczom09mYBn_2F5G/UMe8OA5em/vbxfmSXOeF5/N7V
http://nuget.org/NuGet.exe
http://constitution.org/usdeclar.txt
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://contoso.com/
https://nuget.org/nuget.exe
http://constitution.org/usdeclar.txtC:
https://contoso.com/License
https://contoso.com/Icon
http://https://file://USER.ID%lu.exe/upd
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://github.com/Pester/Pester

Dropped files

Name / File Type
C:\Users\user\AppData\Local\Temp\y3j0hr41\y3j0hr41.0.cs
    UTF-8 Unicode (with BOM) text
C:\Users\user\AppData\Local\Temp\kdz1kgtq\kdz1kgtq.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\kdz1kgtq\kdz1kgtq.0.cs
    UTF-8 Unicode (with BOM) text
C:\Users\user\Documents\20210730\PowerShell_transcript.549163.NcC0axkD.20210730014327.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\Documents\20210730\PowerShell_transcript.549163.ANtJ1+Kx.20210730014315.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\y3j0hr41\y3j0hr41.out
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\y3j0hr41\y3j0hr41.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\y3j0hr41\y3j0hr41.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\y3j0hr41\CSC1BD10A2A5D864F59B6883896D7374BCD.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\tangn2aw\tangn2aw.out
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\tangn2aw\tangn2aw.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\tangn2aw\tangn2aw.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\tangn2aw\tangn2aw.0.cs
    UTF-8 Unicode (with BOM) text
C:\Users\user\AppData\Local\Temp\tangn2aw\CSCCFAE70CB50C649DC9230F2DAC50A036.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\kdz1kgtq\kdz1kgtq.out
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\kdz1kgtq\kdz1kgtq.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
C:\Users\user\AppData\Local\Temp\kdz1kgtq\CSC3C6C006953954AC2BBB3EA5383F4311.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5usb1drh.jow.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vimynhx.xnu.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3xi1kydi.rnm.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_12b2zita.pj0.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\RESCF86.tmp
    data
C:\Users\user\AppData\Local\Temp\RESB25A.tmp
    data
C:\Users\user\AppData\Local\Temp\RES92FA.tmp
    data
C:\Users\user\AppData\Local\Temp\RES7CE2.tmp
    data
C:\Users\user\AppData\Local\Temp\4mppu3lx\CSC5D5E602DFAC54795936F9835A1D78A6E.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\4mppu3lx\4mppu3lx.out
    ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\4mppu3lx\4mppu3lx.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\4mppu3lx\4mppu3lx.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\4mppu3lx\4mppu3lx.0.cs
    UTF-8 Unicode (with BOM) text