flash

data.dll

Status: finished
Submission Time: 07.10.2021 01:30:08
Malicious
E-Banking Trojan
Trojan
Spyware
Evader
Ursnif

Comments

Tags

  • dll

Details

  • Analysis ID:
    498359
  • API (Web) ID:
    865931
  • Analysis Started:
    07.10.2021 01:30:08
  • Analysis Finished:
    07.10.2021 01:45:37
  • MD5:
    b0165e4e73dad2ac1cb519ea1eab8bd6
  • SHA1:
    4ebb5db088d233d4c85b19b299613a240ce25c95
  • SHA256:
    7ff6558fd39f6d8db53aa0baa3f3a9b1edb02ea2631102b6d85eafaf4bbd702b
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
9/89

malicious

IPs

IP Country Detection
194.147.86.221
Russian Federation

Domains

Name IP Detection
init.icecreambob.com
194.147.86.221
art.microsoftsofymicrosoftsoft.at
194.147.86.221
222.222.67.208.in-addr.arpa
0.0.0.0
Click to see the 2 hidden entries
myip.opendns.com
102.129.143.57
resolver1.opendns.com
208.67.222.222

URLs

Name Detection
http://init.icecreambob.com/FcQup_2BTAzx5PF2I3Tn/YlRrkU5iinU1xuRm5TK/CmVp_2BlzVsGcnrzGccrm7/ksEs9Imm
http://init.icecreambob.com/zx75I3NNGmfLGn8pRj68/5q8NiboB_2FSEFLMm1p/GkM07ifmkRoyAPVxlJaDy3/cXr6SDsbgoHPm/PaJLAxVV/txoYRHBbj9M336C_2FP0F_2/FUuIUTfxn8/_2Fi1Q9Nh_2BYEyGG/g7XOKDVcckgo/6ifLOiy2t7I/1SoBj6Jybx3_2F/lN5De25izDb_2BsQi5Wix/BNFu2ADC3y17pVCQ/oz9_2B52JzEyRR4/O_2FqG0LC5012e1TXc/xR9rFY1G5/iapdd6603NTaeINQSp_2/BwLMzJ7w5SugcYmEG0J/qMt4_2FOPEov9_2Bo1MdfB/1y5TCsV89mnx3/ekW9ulBTE4wo3daXfFHw/KT
http://init.icecreambob.com/FcQup_2BTAzx5PF2I3Tn/YlRrkU5iinU1xuRm5TK/CmVp_2BlzVsGcnrzGccrm7/ksEs9ImmPr12_/2Bzh4tdV/KDpXfYGpjXykhg2xrNZQnLl/eQWxO9UJs6/yiNSkrLwUALCzuZwZ/kdGCEU3rIU9m/RGyuFMKeogE/z1UGBluOo2rYqx/Sf1vojdcef_2FoAlYSwrS/eWFw3oSweCgrgQTo/R3sh0ZaR7_2BXrU/KBuwJkO2cZWh9s5jos/PpUP1bcud/5c_2B9g4iz3DCS_2B4Cz/pQllr8YcQ_2FVn4H2Us/rP5gQf2cVzgDcEADA7kdUN/KefPCJRSUE50z/YwbIZJdHqw/X0ic
Click to see the 36 hidden entries
http://init.icecreambob.com/lbK
http://init.icecreambob.com/
http://init.icecreambob.com/og7BnMlwe_2BBL3VbbSex/Z2wNM4qLt9ZGOnrN/9je8jFPaDsbcMzh/J_2BWsBwN0E9DyNOrX/d2qP1bGCk/qJX6O5QV7cikPdeCysOT/SVA8NuODHqgxyywc97o/sy0RL7jVfhXgOS_2F71qSG/2FS97AOq0AZ7i/X9_2BsM8/SJH1OhdjW9LhTsNZM3lXLoj/SkVBjHPOLQ/6GYRgOB9uQP3Kv3KV/fG6AntXu_2Fz/nGnOrkp86kX/RqEbx2FTMLsnk_/2FwjN_2B5_2BN0BKA_2FD/vDq8sU2vs2Ajys3z/1dncEwDhZBm_2B_/2BT0IVCl_2Fi1ROltK/Ns3vDVNy1/kniVonoTwHdN/F4BE_2B
http://init.icecreambob.com/WD1GVGFxgZw/vdm2GeJ_2BleeD/xBKgH3gETrFFIsar7DerZ/qXw_2BmqCKfPdDFV/h8dkp6DT7p7lsEb/gtBepZBTsY8u6IZ_2B/slZYk8jOI/KWElWApc2AbPjj3JcqRW/pbQLCPSQWt3ZN3tjPe8/mXL41rn8MBcUk2OkcsuXJx/EoX5HyK9gu6tJ/HdiOJ_2F/vkfbE_2BFoaAHj2fO1r8paT/WkrWga9cjs/R1EobQ_2FVIB2FUG2/gDd0_2B_2Bn1/TZlCNHxakZo/w6E7c784GfHMDV/_2Fz5c89FcKDHFuQdUlIO/O21na4IIxgsQc_2B/zRGRLvdYbxEEQyb/llhWY2ulIai/ojLy
http://art.microsoftsofymicrosoftsoft.at/F8KV2hZoxO/U2sbox634rP29bJ_2/FXULDRGEtFfT/UZYVIFvPXHK/8dhg8UXIv347p9/lAjhFuG3pLkJW9jPts5ig/H4HccXVK4_2Fj3x4/JNX_2FOInLR8Nhr/AvMOGKETT4xKlbvgKV/ywk72W2sF/XRIveNKW0cDr2x9FlGme/9PA3AGNAa4JFJCkP8Ol/kE52dtLr2Gc2GIIsbVvLY7/_2FgegwtK4luv/WlDWKBm_/2BVUH_2FoyHiVnOSkUYW3XN/ZNo_2FlFkO/0PpkXJxUPRqbyltz6/D1_2B17g8RMv/LKZDclZ4G3c/Yy5W17MUWWbx9b/ZWlGh_2BykFLR0SdMWzQw/4cxn7
http://init.icecreambob.com/zx75I3NNGmfLGn8pRj68/5q8NiboB_2FSEFLMm1p/GkM07ifmkRoyAPVxlJaDy3/cXr6SDsb
http://init.icecreambob.com/l
http://init.icecreambob.com/2dRjaoZ5ba/_2B9OCZL2JKsW54Zw/b8_2FudlSzim/FebecF2Mr0l/RLhLAUL9EkrBQ6/jcfZJyjU6XRJEy_2F_2Fw/U4DTV9Ne0aXzpB9J/0iupMlpKOkgE91k/O1eWSmo3SiP86KIi_2/Fb913ObwC/qpNQAlO4bBFCqmydHOLy/nNarqOCZZOFGkIl4hzv/0jh_2Fn5oIgCb_2BiKYiQR/_2BU0c0XcTad1/VVgGQIES/_2B4c60XhwvhKtewqx0YhNF/9_2B9c5LC4/AStWPuhmAHWEYDBRQ/AKTTfZkbsU8X/VSsiQHsgzPR/ZrnjJVXfpIalCe/F_2BaXGFB0UzrQMjtIKjY/vg3Zv3Ys/i
http://nuget.org/NuGet.exe
http://twitter.com/spotify:
https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
http://ns.adobe.co/xa
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://corp.roblox.com/contact/
https://www.roblox.com/develop
http://ns.adobp/
http://constitution.org/usdeclar.txtC:
https://contoso.com/License
https://contoso.com/Icon
http://https://file://USER.ID%lu.exe/upd
http://ns.adobe.cmg
https://www.tiktok.com/legal/report/feedback
http://www.g5e.com/G5_End_User_License_Supplemental_TermsW~
https://corp.roblox.com/parents/
https://github.com/Pester/Pester
http://www.g5e.com/G5_End_User_License_Supplemental_Terms
http://constitution.org/usdeclar.txt
https://contoso.com/
https://nuget.org/nuget.exe
https://www.roblox.com/info/privacy
http://ns.adobe.ux
http://www.g5e.com/termsofservice
https://en.help.roblox.com/hc/en-us
http://ns.micro/1
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\a52acufz\a52acufz.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\keehvxm3\keehvxm3.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
Click to see the 31 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Temp\380E.bi1
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\RES20A.tmp
data
#
C:\Users\user\AppData\Local\Temp\RES47B.tmp
data
#
C:\Users\user\AppData\Local\Temp\RESF604.tmp
data
#
C:\Users\user\AppData\Local\Temp\RESF652.tmp
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1khnqhjk.loo.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hr4en22c.pth.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psahr3sw.wpu.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tg4p345c.j2l.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\a52acufz\CSCA20CD7516B4D483281CF5F38543E99A.TMP
MSVC .res
#
C:\Users\user\AppData\Local\Temp\a52acufz\a52acufz.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\a52acufz\a52acufz.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\a52acufz\a52acufz.out
ASCII text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\aixojixg\CSC8AF62C77111B490CBA18A772C2BF28D9.TMP
MSVC .res
#
C:\Users\user\AppData\Local\Temp\aixojixg\aixojixg.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\aixojixg\aixojixg.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\aixojixg\aixojixg.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\aixojixg\aixojixg.out
ASCII text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\ddwuzigh\CSCFB1F6E3C794C45BDA93B7DDF91AC3ADC.TMP
MSVC .res
#
C:\Users\user\AppData\Local\Temp\ddwuzigh\ddwuzigh.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\ddwuzigh\ddwuzigh.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\ddwuzigh\ddwuzigh.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ddwuzigh\ddwuzigh.out
ASCII text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\keehvxm3\CSC58F6D56599B14CCABEBFA477BAE65D74.TMP
MSVC .res
#
C:\Users\user\AppData\Local\Temp\keehvxm3\keehvxm3.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\keehvxm3\keehvxm3.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\keehvxm3\keehvxm3.out
ASCII text, with CRLF, CR line terminators
#
C:\Users\user\Documents\20211007\PowerShell_transcript.910646.NcA_PxyH.20211007013229.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\Documents\20211007\PowerShell_transcript.910646.uobBzu5J.20211007013230.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
#