
gECym.dll

Status: finished
Submission Time: 2021-10-20 14:57:14 +02:00
Malicious
Trojan
Evader
Ursnif

Tags

  • 7412
  • exe
  • greenpass
  • isfb
  • ursnif

Details

  • Analysis ID:
    506330
  • API (Web) ID:
    873896
  • Analysis Started:
    2021-10-20 15:07:24 +02:00
  • Analysis Finished:
    2021-10-20 15:27:14 +02:00
  • MD5:
    fcb53acd5fd1637a2ac1bc69f396e92c
  • SHA1:
    a09432a56375c5a39856d59e402c3f8642edda7b
  • SHA256:
    cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab
  • Technologies:
    Joe Sandbox

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection:
    malicious
  • Score:
    7/65

IPs

IP               Country          Detection
104.26.3.70      United States
31.220.111.98    Lithuania
151.101.1.44     United States
104.26.7.139     United States
104.20.184.68    United States
172.217.168.38   United States

Domains

Name                             IP               Detection
geolocation.onetrust.com         104.20.184.68
cvision.media.net                0.0.0.0
222.222.67.208.in-addr.arpa      0.0.0.0
web.vortex.data.msn.com          0.0.0.0
img.img-taboola.com              0.0.0.0
srtb.msn.com                     0.0.0.0
ad.doubleclick.net               0.0.0.0
www.msn.com                      0.0.0.0
ad-delivery.net                  104.26.3.70
contextual.media.net             23.211.6.95
btloader.com                     104.26.7.139
resolver1.opendns.com            208.67.222.222
lg3.media.net                    23.211.6.95
hblg.media.net                   23.211.6.95
myip.opendns.com                 102.129.143.33
aaaa.bar                         31.220.111.98
tls13.taboola.map.fastly.net     151.101.1.44
dart.l.doubleclick.net           172.217.168.38

URLs

Name    Detection
https://aaaa.bar/jdraw/5EykzOMH8AC5xhH2f/h8YTRIF2mRSj/KI86vZ_2Fir/d_2FuekCCAOUjf/zFWcX3e13Ac_2BX_2BJGA/HUhc5yQiyPXedVM9/FyaB9AafT7f6pn1/rx17UyN0GmK2igoXTb/2p_2Bsvx3/fo8we1bgw6ZsfyAC6K72/DEX9YIVMXwvcSkZsNZR/8w9U8utAyGo407eExfiyfi/bLDkUZuz9hmdJ/XGInYyFxli4cy/JoKC.crw
https://aaaa.bar/jdraw/yQNRXOou_2F/TKb_2FDPLUxEHX/34UsINmRGrF0U0brjExsG/R8lvAy6e3bs7Nh2H/QoLe_2Bwp2v2e8Z/IwuiqSnSaPWQnudhme/0fUiRiwnK/HC2m5rShJXeZnaMhBAa7/2sv1pUExc23tcG4uzbe/S9YqUCaVHHJSHD_2FHBasu/DOlWi2P1fW4xM/vPgP1tY3/PB1yvdHjP2kNFl0vG_2Fhxc/khv1QiPG/3tnR7uH.crw
https://aaaa.bar/jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw
https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovuxQrp7KsWgS/wBggvPBS/iWInt5CFnJyvSqpyHgJyYxn/O_2F_2BUYe/fLDTk5RpDf_2F9mZ_/2F7NAIxeGgZa/QcsaY21TZZx/U7QIv9qlBRWqpg/DR61HU_2FzqgxKP2wonEs/EkSZK.crw
https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF3y7v/VMJcRRP5R6TojvxFTX/kOSl73q2F/w8Q6acp8KbUFCwTOVCqa/KHPQFw1IxW8ntmCw6R5/_2FriFMvRAS7jKjzJNgjI_/2B3Jlm1ZTjVZL/7f9n_2Fm/j0A3VF_2BTXTJlyVXccf7gs/IMfn4fjHWd/I3IboiX_2F3/uQt3.crw
https://aaaa.bar/jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw
https://aaaa.bar/jdraw/MVdZIiu0NzX64W/jGgxHg6bC6YiiTOGCL_2B/K5_2B4OguOIrq_2F/deq5LFM1_2Fh_2B/A30hkj4LBKS8PnjdwI/9w5zD21KD/Gv4zCmpHpXW8kBPJ6yzJ/GKf4n1QcwBRAhkvF2a_/2BDpnBrAV7AZvGg_2FwtGG/RaDUbMye7jqhn/NmN4Vf9F/bD7myyGQXfiKlv1_2BoXKI7/VLTDzeWG/dZ.crw
https://aaaa.bar/jdraw/H4GjPkmE7AedOn2/SaetnicpaebgBYZBph/BvmQBH2Ya/Oa7o5fA_2FxihzNsKVGG/_2BKOERN0ze3StZ8PJO/K9jrlAYK2cirYDQTLgJFGo/m_2BMIG_2Ff7J/M2tNW_2B/JwKxyFyNvYCJPpLYcu2z3fg/Co6_2F9DSd/aeV2iIileaWP_2B3q/B8Ii95Syxk_2/BFqOHwCSf6U/KnFKNxJjQfI9vK/6tnrhCZ8FpH5l_2FDWF/lT.crw
https://aaaa.bar/jdraw/gquCtxgLcwr_2F/e84ivzpkcm6RjGEX01HRQ/1JrxRgAMZnr84pf7/d6zLleHTDCpRxyP/mtUcNkhWJ9YEaOQAKu/ZbEc2Du6X/JsZUowsYOu98vblofvm0/EeOsadhZCmRp8ZCZ8KO/Ei99ya5BDB6uxeZYaXwGYu/W7LMC3IC7p7Aq/X8nzxfM9/9M7hUrRFHoU/Zf8MWsTW.crw
https://aaaa.bar/jdraw/WNAlg8cEc/UcfXfHTDCraOPvAxQ0u0/IBGE8nVsnVmaTWmqt_2/FgXrkKfYI9UDVTSC9YOK9U/edsq3qaEaK4UV/nX98HXXg/zJ1jx_2BUw5Fkli5F8AIb_2/FG3fGkSRfJ/J4BestfVNDAUFKDxV/xH_2BYMBJKGO/i9O5kI15Exg/Ujf1s7nWsRKDBP/pBWe2EoKcTyJW0r5TV22O/pk_2FzstpMvpdzlO/Mq8HfsXB/P.crw
https://aaaa.bar/jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png
https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg
https://btloader.com/tag?o=6208086025961472&upapi=true
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg
https://ad-delivery.net/px.gif?ch=1&e=0.9973131461099627
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg
https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovu
https://aaaa.bar/
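Most of the network and file artifacts above are noise: the msn.com, media.net, taboola, doubleclick and onetrust names are what Internet Explorer fetches when it opens its MSN start page, and the dropped files are all IE housekeeping (Tiles\pin-*\msapplication.xml, Recovery\High\Active\*.dat, ~DF*.TMP). The signal is the single host aaaa.bar (31.220.111.98) receiving long multi-segment /jdraw/ requests with _2F and _2B tokens, plus the myip.opendns.com lookup through resolver1.opendns.com. The script below is an added triage example, not Joe Sandbox output or anything from the report itself; the REPORT_DOMAINS and REPORT_URLS inputs are copied from the tables above, the BROWSER_NOISE list is my assumption about what a Windows sandbox contacts on its own, and the URL decoding follows published ISFB/Gozi analyses (base64 of the encrypted request with / + = escaped as _2F _2B _0A, slashes inserted at arbitrary points, a fake file name appended). The escaping step is visible in the table itself, where one token is split across a slash as Df_2F9mZ_/2F7NAI, so segments must be joined before the escapes are undone. The blob that comes out is still ciphertext; the point is to separate C2 indicators from browser noise and to normalise beacon URLs into a form that can be compared across samples.

```python
import re
from urllib.parse import urlparse

# Constructed from the Domains table of this report: name -> resolved IP.
# 0.0.0.0 is what the report shows for names that did not resolve.
REPORT_DOMAINS = {
    "aaaa.bar": "31.220.111.98",
    "myip.opendns.com": "102.129.143.33",
    "resolver1.opendns.com": "208.67.222.222",
    "222.222.67.208.in-addr.arpa": "0.0.0.0",
    "www.msn.com": "0.0.0.0",
    "ad.doubleclick.net": "0.0.0.0",
    "img.img-taboola.com": "0.0.0.0",
    "geolocation.onetrust.com": "104.20.184.68",
    "btloader.com": "104.26.7.139",
    "contextual.media.net": "23.211.6.95",
}

# Constructed subset of the URLs table: one full beacon, one beacon
# truncated exactly as the report shows it, and three pieces of noise.
REPORT_URLS = [
    "https://aaaa.bar/jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw",
    "https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovu",
    "https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location",
    "https://ad-delivery.net/px.gif?ch=1&e=0.9973131461099627",
    "https://aaaa.bar/",
]

# Assumption: second-level domains a Windows 10 sandbox reaches on its own
# once Internet Explorer is launched and loads the MSN start page.
BROWSER_NOISE = {
    "msn.com", "media.net", "img-taboola.com", "taboola.com", "doubleclick.net",
    "onetrust.com", "btloader.com", "ad-delivery.net", "fastly.net", "in-addr.arpa",
}

SEGMENT = re.compile(r"^[A-Za-z0-9_]+$")
LAST_SEGMENT = re.compile(r"^([A-Za-z0-9_]*)(\.[A-Za-z0-9]{2,4})?$")


def triage_domains(domains):
    """Bucket the report's domains: C2 candidates, external-IP lookup, unresolved, noise."""
    out = {"c2": [], "ip_lookup": [], "unresolved": [], "noise": []}
    for name, ip in domains.items():
        sld = ".".join(name.split(".")[-2:])
        if ip == "0.0.0.0":
            out["unresolved"].append(name)
        elif sld == "opendns.com":
            # myip.opendns.com asked via resolver1.opendns.com is the DNS-based
            # "what is my external IP" check ISFB is known to perform.
            out["ip_lookup"].append(name)
        elif sld in BROWSER_NOISE:
            out["noise"].append(name)
        else:
            out["c2"].append((name, ip))
    return out


def isfb_payload(url):
    """Return the base64 blob carried by an ISFB-style beacon URL, or None.

    Drop the fixed first directory ("jdraw" here), strip the fake extension,
    join the remaining segments, then undo the _2F/_2B/_0A escapes. A URL
    that was cut off in the report has no extension but still carries escapes.
    """
    segments = urlparse(url).path.strip("/").split("/")
    if len(segments) < 4:
        return None
    body = segments[1:]
    m = LAST_SEGMENT.match(body[-1])
    if not m or not m.group(1):
        return None
    has_ext = m.group(2) is not None
    body[-1] = m.group(1)
    if not all(SEGMENT.match(s) for s in body):
        return None
    joined = "".join(body)
    escaped = any(t in joined for t in ("_2F", "_2B", "_0A"))
    if not (has_ext or escaped):  # e.g. /cookieconsentpub/v1/geo/location
        return None
    return joined.replace("_2F", "/").replace("_2B", "+").replace("_0A", "=")


def beacon_hosts(urls):
    """Hosts that received ISFB-style beacons, i.e. the entries worth blocking."""
    return sorted({urlparse(u).netloc for u in urls if isfb_payload(u)})


if __name__ == "__main__":
    buckets = triage_domains(REPORT_DOMAINS)
    print("C2 candidates:", buckets["c2"])
    print("external-IP lookup:", buckets["ip_lookup"])
    print("beacon hosts:", beacon_hosts(REPORT_URLS))
    for u in REPORT_URLS:
        blob = isfb_payload(u)
        if blob:
            print(f"{u[:48]}... -> {len(blob)} base64 chars, starts {blob[:20]}")
```

Run against the full URLs table every one of the aaaa.bar entries, including the two truncated ones, comes back as a beacon while the taboola, btloader, ad-delivery, doubleclick and onetrust URLs do not; the pattern test deliberately keys on the shape of the path rather than on the "jdraw" directory, since that first segment is a per-campaign setting.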

Dropped files

Name / File Type (the Hashes and Detection columns are empty for every entry)

  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\~DF9813413A47FA9BB0.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF61B4A5E235D16C22.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF21F93D34852E97E1.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF1D0E3EB87BA124E4.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF062D96AA82264A2D.TMP
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F2CDD13-31F2-11EC-90E5-ECF4BB570DC9}.dat
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1D55D3D-31F2-11EC-90E5-ECF4BB570DC9}.dat
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{800CAE1D-31F2-11EC-90E5-ECF4BB570DC9}.dat
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{497FFA3A-31F2-11EC-90E5-ECF4BB570DC9}.dat
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F2CDD15-31F2-11EC-90E5-ECF4BB570DC9}.dat
    Composite Document File V2 Document, Cannot read section info