flash

B6VQd36tt6.dll

Status: finished
Submission Time: 11.10.2021 22:16:21
Malicious
Trojan
Evader
Ursnif

Comments

Tags

  • BRT
  • dll
  • geo
  • Gozi
  • ISFB
  • ITA
  • Ursnif

Details

  • Analysis ID:
    500299
  • API (Web) ID:
    867871
  • Analysis Started:
    11.10.2021 22:19:56
  • Analysis Finished:
    11.10.2021 22:45:03
  • MD5:
    c4c060ec6b1e42d70972d0af66a04e66
  • SHA1:
    3ef84847fceb31b8814c12c94c57c72a5281d6f5
  • SHA256:
    47715e425398283d53019c270311ad0c709f660048d2f884d5116d80b983743f
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
96/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass

malicious
96/100

malicious
11/66

malicious
11/45

IPs

IP Country Detection
52.97.137.178
United States
52.97.183.162
United States
40.97.164.146
United States
Click to see the 5 hidden entries
40.101.60.2
United States
40.101.91.82
United States
52.97.151.114
United States
52.97.151.18
United States
13.82.28.61
United States

Domains

Name IP Detection
areuranel.website
0.0.0.0
breuranel.website
0.0.0.0
msn.com
13.82.28.61
Click to see the 6 hidden entries
outlook.com
40.97.164.146
HHN-efz.ms-acdc.office.com
40.101.91.82
FRA-efz.ms-acdc.office.com
52.97.151.18
www.msn.com
0.0.0.0
www.outlook.com
0.0.0.0
outlook.office365.com
0.0.0.0

URLs

Name Detection
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://msn.com/mail/liopolo/A1Qp_2BWzai2O5/xac_2BRG3wzSilIBjQnWR/yH8MK_2FDeyVZ7zs/MmgvT5kbS5J14SI/50tiJJe1m8aJQ2XT7T/rIRQt7iCb/CwoKyLq7nfSWQHvgpN7o/BCyQHF5XZOebIuFzT_2/BFFOtw4QHhKTLswkkvF9vD/aY9DT6JVICQxS/piqcZUHz/pQlXCrwUL0BTmEd_2FLWL2L/RH2uj8PySJ/d2LKLIyBddk3_2FhT/H.jre
https://outlook.com/signup/liopolo/7RiyOegViATthNX4pt/E65VkdFK0/peIG_2BaG1SxNKYOcdXs/80APf88JeQpK_2BfrxB/1_2B2_2FNDAEnuSdYMUmdr/BpxBwvlUzTu3W/v3tDiaIH/uhnULhLXCDfDONp_2FCc03F/ZkPsDATWsR/KNPTfNdkqqbWMwLBy/xU_2Bk46LKIT/9_2FOKzik9g/v8mZTndKcyg89a/ELxzR_2BALqku0rQMRn2U/KVAF7ruVq/mnKq.jre
Click to see the 31 hidden entries
https://outlook.com/signup/liopolo/f5kvQFsIv4wED/j69h8mSZ/xzzTxsSNNb1pIF2nd0zyLKL/oW0UsUUi2h/1n_2FrPb8KlH0Zm6I/DMN_2B2Rb3dP/VgvW0BFn0fE/SZJzWGdiy3m5qM/ymewVR1TpC9Ou3wlV9Okm/omWH_2FxfhHZzw96/HP0eihm9FW1uN9V/ykWA9NBBnDVcWXTKfE/JwgC0Jx4CafbQ/qgLsjM_2/F.jre
https://msn.com/o
https://outlook.office365.com/D
https://www.msn.com/?refurl=%2fmail%2fliopolo%2fA1Qp_2BWzai2O5%2fxac_2BRG3wzSilIBjQnWR%2fyH8MK_2FDey
https://www.msn.com/?refurl=%2fmail%2fliopolo%2fXqCHqVDXW8CZUpeu5peN_2%2fFydjgYTJtTmoC%2ffAo34oef%2f
https://www.outlook.com/signup/liopolo/7RiyOegViATthNX4pt/E65VkdFK0/peIG_2BaG1SxNKYOcdXs/80APf88JeQpK_2BfrxB/1_2B2_2FNDAEnuSdYMUmdr/BpxBwvlUzTu3W/v3tDiaIH/uhnULhLXCDfDONp_2FCc03F/ZkPsDATWsR/KNPTfNdkqqbWMwLBy/xU_2Bk46LKIT/9_2FOKzik9g/v8mZTndKcyg89a/ELxzR_2BALqku0rQMRn2U/KVAF7ruVq/mnKq.jre
https://blogs.msn.com/
https://deff.nelreports.net/api/report?cat=msn
https://www.msn.com/en-us//api/modules/fetch"
https://www.msn.com/mail/liopolo/yn_2BPYQmJ20vgPRL3/3wjWE1bwH/DDPf_2FmyfN4qjiroAKh/7sxv413IrGA7KcA9H
https://www.outlook.com/signup/liopolo/7RiyOegViATthNX4pt/E65VkdFK0/peIG_2BaG1SxNKYOcdXs/80APf88JeQp
https://msn.com/y
https://www.msn.com/
http://ogp.me/ns/fb#
https://msn.com/mail/liopolo/XqCHqVDXW8CZUpeu5peN_2/FydjgYTJtTmoC/fAo34oef/chWHLvpFFUOYdiWXbNbnYW0/Rfy3HU21P_/2FwjKpEqeFo_2FxU6/0A_2BR4J2MVl/hx12NRqsjmC/kkNl1wduKuFf8Q/FUG3Ocqqzs1x_2BibuPx6/9auuC1P5josci_2B/vyxmzUWJ7gSzOqo/Jt7rxzWzdI7AYIGNrQ/e7oR22vyh/Me9W1V8u/5SwAx9Su/B.jre
https://outlook.office365.com/signup/liopolo/7RiyOegViATthNX4pt/E65VkdFK0/peIG_2BaG1SxNKYOcdXs/80APf
https://outlook.com/signup/liopolo/5R03kGEb4YkHyvd/vrgMCXbUCWgL9mS74E/ZNV_2FT7r/A0OAE579SB7Hx3A4JeNe/QST70In3HBC_2F_2Flg/hEE1oqV04Tcb_2BXZ4DwC_/2BDjxaFgiu1Kq/cZhA7baN/ystZ_2FV5yPDIe8qQfN_2Fy/gQ02q5YT1n/eawFPHFBcfhAYskcF/Z0kyVxsdmmeN/mzjXdayEo/OIVTn_2Fwlw/Fu.jre
https://msn.com/
https://outlook.office365.com/
https://mem.gfx.ms/meversion/?partner=msn&market=en-us"
https://www.outlook.com/signup/liopolo/f5kvQFsIv4wED/j69h8mSZ/xzzTxsSNNb1pIF2nd0zyLKL/oW0UsUUi2h/1n_2FrPb8KlH0Zm6I/DMN_2B2Rb3dP/VgvW0BFn0fE/SZJzWGdiy3m5qM/ymewVR1TpC9Ou3wlV9Okm/omWH_2FxfhHZzw96/HP0eihm9FW1uN9V/ykWA9NBBnDVcWXTKfE/JwgC0Jx4CafbQ/qgLsjM_2/F.jre
https://outlook.office365.com/signup/liopolo/5R03kGEb4YkHyvd/vrgMCXbUCWgL9mS74E/ZNV_2FT7r/A0OAE579SB7Hx3A4JeNe/QST70In3HBC_2F_2Flg/hEE1oqV04Tcb_2BXZ4DwC_/2BDjxaFgiu1Kq/cZhA7baN/ystZ_2FV5yPDIe8qQfN_2Fy/gQ02q5YT1n/eawFPHFBcfhAYskcF/Z0kyVxsdmmeN/mzjXdayEo/OIVTn_2Fwlw/Fu.jre
https://www.outlook.com/signup/liopolo/5R03kGEb4YkHyvd/vrgMCXbUCWgL9mS74E/ZNV_2FT7r/A0OAE579SB7Hx3A4JeNe/QST70In3HBC_2F_2Flg/hEE1oqV04Tcb_2BXZ4DwC_/2BDjxaFgiu1Kq/cZhA7baN/ystZ_2FV5yPDIe8qQfN_2Fy/gQ02q5YT1n/eawFPHFBcfhAYskcF/Z0kyVxsdmmeN/mzjXdayEo/OIVTn_2Fwlw/Fu.jre
https://outlook.office365.com/signup/liopolo/f5kvQFsIv4wED/j69h8mSZ/xzzTxsSNNb1pIF2nd0zyLKL/oW0UsUUi
http://ogp.me/ns#
https://msn.com/O
https://outlook.office365.com/signup/liopolo/f5kvQFsIv4wED/j69h8mSZ/xzzTxsSNNb1pIF2nd0zyLKL/oW0UsUUi2h/1n_2FrPb8KlH0Zm6I/DMN_2B2Rb3dP/VgvW0BFn0fE/SZJzWGdiy3m5qM/ymewVR1TpC9Ou3wlV9Okm/omWH_2FxfhHZzw96/HP0eihm9FW1uN9V/ykWA9NBBnDVcWXTKfE/JwgC0Jx4CafbQ/qgLsjM_2/F.jre
https://msn.com/mail/liopolo/yn_2BPYQmJ20vgPRL3/3wjWE1bwH/DDPf_2FmyfN4qjiroAKh/7sxv413IrGA7KcA9Hu0/BYfxtbSdLKzFinzGkJGdmk/P_2Fifx7koRFQ/MIG6rk6P/jRWWDjWjz87k5xmFJxsJqsu/JDVOEV0_2F/rb6v_2FY3MQLb6_2F/gkDS2luFhYah/H5Mm0Y9iZUr/9_2FNXlrb5xId9/cAon_2FllX9wfUzSs9jRy/iECEQNsAU7oK/0.jre
https://www.msn.com/?refurl=%2fmail%2fliopolo%2fyn_2BPYQmJ20vgPRL3%2f3wjWE1bwH%2fDDPf_2FmyfN4qjiroAK
https://outlook.office365.com/0
https://outlook.office365.com/signup/liopolo/7RiyOegViATthNX4pt/E65VkdFK0/peIG_2BaG1SxNKYOcdXs/80APf88JeQpK_2BfrxB/1_2B2_2FNDAEnuSdYMUmdr/BpxBwvlUzTu3W/v3tDiaIH/uhnULhLXCDfDONp_2FCc03F/ZkPsDATWsR/KNPTfNdkqqbWMwLBy/xU_2Bk46LKIT/9_2FOKzik9g/v8mZTndKcyg89a/ELxzR_2BALqku0rQMRn2U/KVAF7ruVq/mnKq.jre

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b6db214dd89db871c3cf2d8284ebed8c4377271_82810a17_0a11246a\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b6db214dd89db871c3cf2d8284ebed8c4377271_82810a17_100904dc\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b6db214dd89db871c3cf2d8284ebed8c4377271_82810a17_138537a4\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
Click to see the 9 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5812.tmp.dmp
Mini DuMP crash report, 15 streams, Tue Oct 12 05:22:46 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FB4.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER64C6.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER74B2.tmp.dmp
Mini DuMP crash report, 15 streams, Tue Oct 12 05:22:57 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CB0.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E83.tmp.dmp
Mini DuMP crash report, 15 streams, Tue Oct 12 05:23:02 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER90C7.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FBB.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA5F5.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#