2u2mgtylJy.dll

Status: finished

Submission Time: 2021-10-06 23:35:08 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
498331
API (Web) ID:
865903
Analysis Started:

2021-10-06 23:35:08 +02:00
Analysis Finished:

2021-10-06 23:48:34 +02:00
MD5:
503edcfec2262373e36deaa37f640332
SHA1:
37648e8ced69d8adc7be8bde5a61138cbb0f9e6a
SHA256:
3ef3beaa49e07f171927a772a417109df6f137c4fa321dbd17daaa7cb47392be
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
194.147.86.221	Russian Federation

Domains

Name	IP	Detection
init.icecreambob.com	194.147.86.221

URLs

Name	Detection
http://init.icecreambob.com/c0EOvrV0qc5VSAwBXBa8q/dPW7TTNz1rcIbr1g/OGkQFSQW_2Bb_2B/CxLaOk_2FnPEARFaVw/Csb60MwQA/8Ypl3_2BWvnuCQW7vD8i/qdzylpoZqovaHq0DLVW/usKTeoNgbrF2w_2BDuaJdC/AKwpjjkO35n80/YGAxFnFT/q0_2FYrqQ4gjnchYC1nCbyF/Hp5QomuD7V/q_2FNrEW28WwhW5J3/evh_2FuGxsfW/FTakqhOgg0C/5jOddm5Nv3UnAe/3xfYM3v5ExQ_2BFLHBcHx/XxFQgyV8rJEGI_2B/SbbjLh_2FBHqXrD/63xNgkJW9N_2F4ADkn/Y6hvY_2Bp/meMPSPNF59dChat/emng
http://init.icecreambob.com/sv2O34qq/Kta1HvKsZ3tgM7tFYBomACu/mI6UagQ8wE/lYb6amh0XTBBLuSs2/uL4X3YpCek6i/1bj7_2BSpik/RZgu0vnHADL_2F/DGIXfo8xI_2Fn7H2kdqcK/qXQVYi0KeQpUICab/7iJEzXcfcMykGMx/EJryNKNs8qa83X8s7Y/7tfLoTfti/U8NCgomMwZYVXU814zuK/PzGEHqwSUIE_2B6HbQA/nZ16OvnVY6z_2B_2BbpXoo/EiIV_2FcZQIU_/2B_2FmU5/qne1F46TC0T7BPdNnwGtiCp/b9fo2Sp7mS/YC35VhxW_2F7DBQpp/ArbAVDFUHmnE/HIkiAjFrV16/J_2FNADvxnl/nN
http://init.icecreambob.com/6ekkhXb3MtuoC3_2FyvMu7l/0daElC7mOy/R6ZAlklcJ6nCEa1JG/77QHYRlDFZhY/CKh_2FHTF7b/anY3A4myrq9HMr/O0ixl1A9Ab9AH_2B1NpLR/OZcyW0ela3aJDPib/aDAo_2FD0usl4GG/4oFEpWmdLkMOuuyhNo/mbHFma2ju/jhqMzX7tDC0zN5vsOrlK/LJLMnBely6_2FcvVC3_/2BGwUD6Z4I7FCi_2F4cLgE/uWy6vjfOkNRx2/Rg68drga/pJzjEQy6uB0KP1_2FePOOmA/O6h7H3iuIm/pcPhmiBWtj4KTiWxG/SDfQhFDr6R3L/tcUc0BMyzZU/A0ixqYVRKBrNc/C6
Click to see the 6 hidden entries
http://init.icecreambob.com/mGUnO6XImcveA33xjh/RHKTTJs7w/ZXD5AGL8Z6b5Ydjn0EBf/EEGi_2B0P5BK3ftqfJ8/5Y3Dt3ILkK2tDhNHmvNVf_/2F6_2F9GG6nmd/AY3q5qlr/sduRVTyfg13io80O41ww0bD/nRvcHECqk0/hG_2B3Z8IlsbTadMs/jPEgqC11z_2F/jJ4I6p_2FzT/fAEznSbYmzFTCx/tlrGc2O52xjGLqfXmjqXa/6zgFstkYf810iRhc/DHMuTlvestji1tB/IFQcQqkY0w_2Fc2Xsv/6z833jFgl/JXYjGT9FPcN_2B_2FZhr/B_2FsGJxQAgoh7FOdw4/SNBrK
http://init.icecreambob.com/kk7MynOrZ2/z5Qh_2BFEZjQ9BqRe/l_2Bgh6swCWQ/Zdtmhdulegn/LFRgPgQWX6bTGy/Yy1zwx8XOzt5N3jy5Pcmz/ts9skZhrek9mZcWd/xn8wNPnE877ouqT/kBRevLD80b3Nerfvje/33yHfRtoq/EihB_2BQDiRYgQil4p84/D0DabPhF3qer2j9EJKn/WvoAJfNTpYAIRvXDTaZZDH/fUk_2BZih9cWP/r9VQkrFe/xqlWhFz_2BH7D5UWSdx5_2F/aZRLZpngni/St06qc8pfSPa4Smvv/1_2F3_2B3r2l/ptas5GP7wAZ/bcuDVyi8nVrKje/tpxJ_2BEDA1LSa1gW0Wq6/omxVT
http://init.icecreambob.com/uIg4rVau7E/pTOdpcWCqXLyW2Bb5/JVlWWIBKAi_2/FojTkl9LBdj/5NQUgJKju0RtNO/tzDm4s507_2F4kRlBxNQt/CqxnS5LJs3_2FGkx/6ujxicMmApQgR_2/FMWid4EYZr5bz4ddPN/IQ9nZpFjW/G2s2Nwqd9U74yv0lJk1Z/vtVoAMsIMmzYYMF6sq8/woVgKPwWZHePIzS0ff2CWr/hCbiWIGzzlF_2/FmwQ3_2F/eBtb4969HyiFKQjm86_2Fle/DPRDUjXUk5/_2F4UeWwjjX_2FtrJ/9zRp4NGcvnKV/V15fgxhlV6E/wQC8oVitxi5FBk/gvAuYUOLQwJUKJ5EjKZtE/tSYoF
http://https://file://USER.ID%lu.exe/upd
http://constitution.org/usdeclar.txt
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\jdlmh2q4.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mz1hzvcs.52m.ps1	very short file (no magic)	#
C:\Users\user\Documents\20211006\PowerShell_transcript.965969.n1aVGIxX.20211006233737.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 28 hidden entries
C:\Users\user\Documents\20211006\PowerShell_transcript.965969.PeztN8su.20211006233727.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\yg5i0oy3.out	ASCII text, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\yg5i0oy3.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\yg5i0oy3.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\yg5i0oy3.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\w34iw342.out	ASCII text, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\w34iw342.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\w34iw342.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\w34iw342.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\jdlmh2q4.out	ASCII text, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\jdlmh2q4.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\jdlmh2q4.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ow5jbajq.osu.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ebhtree3.nqf.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02dbrdif.tbr.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\RESE022.tmp	data	#
C:\Users\user\AppData\Local\Temp\RESD66D.tmp	data	#
C:\Users\user\AppData\Local\Temp\RES889.tmp	data	#
C:\Users\user\AppData\Local\Temp\RES1839.tmp	data	#
C:\Users\user\AppData\Local\Temp\CSCCED00F42533349BEA98D8A77AE340CD.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSCCE0193F21C5D49109645DA91D5FFF210.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC919BED62534A4CC3BF2669B466E033B8.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC5471F709FE714810AB0D5625CD34D24.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\4z2qptpk.out	ASCII text, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\4z2qptpk.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\4z2qptpk.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\4z2qptpk.0.cs	UTF-8 Unicode (with BOM) text	#

2u2mgtylJy.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

2u2mgtylJy.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

2u2mgtylJy.dll