jXzrIReInY.exe

Status: finished

Submission Time: 2021-11-25 13:41:20 +01:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
528552
API (Web) ID:
896073
Analysis Started:

2021-11-25 13:49:19 +01:00
Analysis Finished:

2021-11-25 14:01:47 +01:00
MD5:
4ec77eb8280485764b6bc22f6cf7d57e
SHA1:
85215638743eeb6800aaada5d057e96032db6906
SHA256:
716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 36/69

Open Full Report

malicious

Score: 8/35

malicious

Score: 16/45

malicious

Domains

Name	IP	Detection
get.updates.avast.cn	0.0.0.0
windowsupdate.s.llnwi.net	178.79.225.128

URLs

Name	Detection
https://get.updates.avast.cn/SN
https://get.updates.avast.cn/$$
https://www.nuget.org/packages/Azure.Security.KeyVault.Keys
Click to see the 46 hidden entries
http://www.gesmes.org/xml/2002-08-01
http://ocsp.startssl.com/ca00
https://aka.ms/azsdkvalueprop.
http://crl.startssl.com/crtc2-crl.crl0
http://ocsp.sectigo.com0)
http://icu-project.org
http://www.MyBusinessCatalog.com
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
https://www.nuget.org/packages/Azure.Security.KeyVault.Certificates
https://currencysystem.com/gfx/pub/script-icon-16x16.png
http://apache.org/xml/UnknownNSUCS4UCS-4UCS_4UTF-32ISO-10646-UCS-4UCS-4
https://www.thawte.com/cps0/
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
https://www.thawte.com/repository0W
http://aia.startssl.com/certs/ca.crt02
https://www.advancedinstaller.com
https://secure.comodo.com/CPS0L
http://www.startssl.com/0
https://get.updates.avast.cn/
https://get.updates.avast.cn/rentVersion
https://currencysystem.com
https://get.u
https://currencysystem.com/gfx/pub/script-button-88x31.gif
https://get.updates.avast.cn/sreamble/g9_2FKpoNdUnXGannE6/i8VP6bKIH0KEVZxtH_2Fnm/ZbHMSZIAuG_2F/S_2FZ
http://crl.startssl.com/sfsca.crl0C
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://ocsp.sectigo.com0
http://www.openssl.org/V
http://www.unicode.org/copyright.html
https://currencysystem.com/gfx/pub/script-icon-16x16.gif
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://www.ecb.int/vocabulary/2002-08-01/eurofxref
http://www.openssl.org/support/faq.html
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
https://www.nuget.org/packages/Azure.Security.KeyVault.Secrets
http://mybusinesscatalog.com0
https://sectigo.com/CPS0D
http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI
http://www.startssl.com/policy.pdf0
https://currencysystem.com/gfx/pub/script-button-88x31.png
http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHhttp://apache.org/xml/messages/XML
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
http://ocsp.startssl.com/sub/class2/code/ca0
https://sectigo.com/CPS0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\lcms-5.0.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\plcd-player.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 67 hidden entries
C:\Windows\Installer\MSIA463.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIA5CB.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIA368.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIA23E.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI9CCF.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\3e96f3.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ssleay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ml	PDF document, version 1.5	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\libeay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\lcms-5.0.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\icuio58.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\help.chm	MS Windows HtmlHelp Data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\ecb-eurofxref-daily.xml	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.js	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\~DF46C604FEF4F449F2.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFECF05E5DA56163B3.TMP	data	#
C:\Windows\Temp\~DFCB1E467AADEF7E4C.TMP	data	#
C:\Windows\Temp\~DFBABDC1C846730072.TMP	data	#
C:\Windows\Temp\~DF94144FA3D8D2F215.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF91038100F0FB06FB.TMP	data	#
C:\Windows\Temp\~DF776763C8FB17AE54.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF761133D2E041DEFE.TMP	data	#
C:\Windows\Temp\~DF55CEC612D7410AC0.TMP	data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\System.Threading.Tasks.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\Temp\~DF3E7A433E0C409AFC.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF1B68F00AAEC82988.TMP	data	#
C:\Windows\Temp\~DF10CCF93C50CD522A.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\SourceHash{4A523951-0A2F-4D65-A31E-BB22D0CE0CF4}	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\MSIDECF.tmp	data	#
C:\Windows\Installer\MSIA6F5.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Delimon.Win32.IO.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.json	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem4.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\System.Threading.Tasks.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\SslCertBinding.Net.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Microsoft.Azure.KeyVault.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\License.txt	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ICSharpCode.SharpZipLib.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\ecb-eurofxref-daily.xml	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\CrashRpt License.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\AWSSDK.SimpleDB.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\shi1C.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MSI4D2.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MSI1B4.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 61414 bytes, 1 file	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\holder0.aiph	data	#
C:\Config.Msi\3e96f5.rbs	data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\SslCertBinding.Net.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Microsoft.Azure.KeyVault.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\License.txt	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ICSharpCode.SharpZipLib.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Delimon.Win32.IO.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\CrashRpt License.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\AWSSDK.SimpleDB.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem4.js	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\decoder.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ssleay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ml	PDF document, version 1.5	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\libeay32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\icuio58.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\help.chm	MS Windows HtmlHelp Data	#
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\adv.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1 (…)	#

jXzrIReInY.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

jXzrIReInY.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

Search started

jXzrIReInY.exe