
SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll

Status: finished
Submission Time: 28.10.2021 04:37:17
Classification: Malicious, Trojan, Evader, Dridex

Tags

  • dll

Details

  • Analysis ID:
    510681
  • API (Web) ID:
    878248
  • Analysis Started:
    28.10.2021 04:44:05
  • Analysis Finished:
    28.10.2021 05:04:36
  • MD5:
    edadfd868f1dd7590ec7c9581eaa146d
  • SHA1:
    37fc2a180dcbf013988d563323e8fa0a3eff104b
  • SHA256:
    3d13e7a3703b143a8210510410bf7f18bc7494ac87248f36fcbe626d93e9017f
  • Technologies:
Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
76/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass

malicious
84/100

malicious
76/100

malicious
15/67

malicious
13/44

IPs

IP Country Detection

  • 66.147.235.11 (United States)
  • 149.202.179.100 (France)
  • 81.0.236.89 (Czech Republic)

URLs

Name Detection

  • http://upx.sf.net
  • http://www.vomfass.deDVarFileInfo$

Dropped files

Name File Type Hashes Detection

  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6f46d09e7ef1eb42ce11abc45cbc65234d33bdc2_82810a17_145bb0bf\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d3ad54abe3e4d74bf0171a12b6cd16dc0c1e4_82810a17_03aefd39\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER45F.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER60E0.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Oct 28 02:59:01 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERA027.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERA894.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERB544.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Oct 28 02:58:45 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC542.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7C2.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Oct 28 02:58:49 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA06.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5AD.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8CB.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERE992.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Oct 28 02:59:01 2021, 0x1205a4 type
  • C:\Users\user\AppData\Local\Temp\WER8EFF.tmp.WERDataCollectionStatus.txt
    Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve.LOG1
    MS Windows registry file, NT/2000 or above