flash

1ZDvfs8V0D.dll

Status: finished
Submission Time: 15.09.2021 13:50:21
Malicious
Trojan
Exploiter
Evader
Dridex

Tags

  • Dridex
  • exe

Details

  • Analysis ID:
    483801
  • API (Web) ID:
    851369
  • Analysis Started:
    15.09.2021 14:02:33
  • Analysis Finished:
    15.09.2021 14:16:51
  • MD5:
    291d328b80fa04b559d8bef5875125f1
  • SHA1:
    86664f646c9b2d93102046b34b20ec495f3a58da
  • SHA256:
    803674f9a33df4d1a18051592df46f57a5c735367773691ab2bfb17a21aa6eb6
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
45/68

malicious
23/35

malicious
33/45

malicious

URLs

Name Detection
http://www.autoitscript.com/autoit3/J

Dropped files (name, then file type)

  • C:\Users\user\AppData\Local\0ubYqNmr\VERSION.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\5zVf35m1I\SLC.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\BxU\MFPlat.DLL
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\BxU\mfpmp.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\EkXB809\dpx.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\HaXuPA\SYSDM.CPL
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Ui6tQfJoZ\DUI70.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\W6MyNTlP8\WMsgAPI.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\XyDPIStsf\dwmapi.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\ibC\SPP.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\whddZ\WTSAPI32.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\5zVf35m1I\msinfo32.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\9Uw6zQ\VERSION.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\9Uw6zQ\unregmp2.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\EkXB809\lpksetup.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\HaXuPA\SystemPropertiesPerformance.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\K5GwJI\VERSION.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\K5GwJI\wextract.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Ui6tQfJoZ\SystemSettingsRemoveDevice.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\W6MyNTlP8\osk.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\XyDPIStsf\SndVol.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\ibC\rstrui.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rRo\AgentService.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rRo\VERSION.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rceY\SYSDM.CPL
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rceY\SystemPropertiesProtection.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\ueX148\DUI70.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\ueX148\SysResetErr.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\vx8g6QJ\VERSION.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\vx8g6QJ\systemreset.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\whddZ\irftp.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\eb42b1a5c308fc11edf1ddbdd25c8486_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    data