status.dll

Status: finished

Submission Time: 2022-01-19 11:49:16 +01:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
555803
API (Web) ID:
923329
Analysis Started:

2022-01-19 11:49:17 +01:00
Analysis Finished:

2022-01-19 12:10:50 +01:00
MD5:
947fe47db34a2654fc7aa76ec2bebec0
SHA1:
6e2d76945861c48a2e4552d87583c1a70e6525a2
SHA256:
02bb7e5eda106943c37400103a651d11d1ebfd5f4b0a550874328c2c82340923
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 10/43

IPs

IP	Country	Detection
31.41.44.3	Russian Federation

Domains

Name	IP	Detection
museumistat.bar	31.41.44.3
myip.opendns.com	102.129.143.42
222.222.67.208.in-addr.arpa	0.0.0.0

URLs

Name	Detection
http://museumistat.bar/drew/wga5IeWF0fbDUBK30nf7o/j3uIOKqwUJ7BeRn9/LJzeE6KiaowWMEN/1rl19rIxVGb1taWDFn/bvY_2Bj1I/jdMAwzmFp0So0WDkYGB7/K3_2FBRRUiljGXL6kfm/xF0075RiTcM0CPYkqDi3rw/svrqsYheZV3ck/1VgFcLwV/R_2Be8zhkiZ2WSszO26Jh4p/C_2FhB5HDF/R0NzBeUEC158lMl7p/nVaFZKFRejW7/8Iglv9KSE21/tjMzYgrS/4.jlk
http://museumistat.bar/drew/iAVgwY_2F4_2B2wf10X/FKX8zCBs2KovZS3yYcqVUR/0_2BOKZVcXEno/mLNHqO4f/FdsEVjQZNrZLxNNjyopPvLU/cfGGvFKVJ_/2Fi2PnS811OxATftg/nfhcscYxJdSk/zsHccq2aXfw/iNTGalrAEj6HyF/BYyf3V_2B8kuM2spwKkvI/q_2Bf_2F7dIejZy3/x_2FpxM8IMFGs4y/_2Blb0vaFR2hoHDVFC/Nq2TJxK8w/aDcpB_2By_2F0bU0gDru/h6N_2BG_/2Fyz6.jlk
http://museumistat.bar/drew/9blP_2FAE_2FFwEHiHE7/YS8VB72J_2FAJJllSzs/fyphXYY7W5oXrGE4G68BTo/K6uxe0s8owaZT/sJxgOiGF/toQb9bzuaSQoxlM767HxEUz/ojykuv_2Fm/zAlx3F69HisyQxGCo/YrZLBqFxHDh8/rWHutgpt4HV/9AGOgb99_2BjD6/GPBMSBdUStdt1oIDAqsXJ/Zv_2BHFepXyMKGeg/AYLFYPerTsZQFJf/UksyhZMrYb3d23pSok/_2BcgBxCR/B.jlk
Click to see the 12 hidden entries
http://museumistat.bar/drew/m4PVNjgat1g0/6_2Btp70Ci0/aungsV13kBUs5a/u2A8XHXxV0G6qtvrny9S2/1bGzk7HyzbfK_2FU/H_2BzwQBI0CSjs2/U1xYaVr4zjQvZiLchv/4aLCBz0CM/68jv0usMkhT2JOF9ESfc/julfpSuq9tErtsl1vT0/5cBxjWFbHYxsgooRJoWIHy/X7bt5vrbFueOy/GXHEBf2y/a48Hwj5cem9DF_2FgVMHxJc/2BxgNa1_2B/9wP6Mz_2F/66hqNdd.jlk
http://museumistat.bar/drew/WscgLp0a9mza4KVSZP_2F/qW_2BiGKRm2pEjNT/0yit17kTcYKALfY/Dca3d6njS6Q8Up7_2B/S1Q5c3m1L/htfRX_2FNP4zOUbJdHE0/XcLw_2FUradRuvSZYkz/0N0BHZth_2BNigSkIsxFbw/Kr0gcIwYitNQb/vtve9mnb/uJ6GCaAgncMj3aalqD8JgFA/MTnXx5EVkL/iZOp4aPFrTK2CzYfp/vJg2ovriq7si/LWFvH6yBaQn/MYMUZGLdg/H3Ww.jlk
http://museumistat.bar/drew/2Ghwj5VMTy/n0fnHab4HU0c0skVA/H18bJ5bl99Je/rqcYKjw2LjF/oo3IrxIrGawPDh/WY3GQdM2gSEeA7t2qCkIS/1aubp3gxSiryQwCt/uHpd4lSUp2YM4rr/8xTqKKzowmzwk_2FmS/XK1nPBS4G/Dq2A1gKI6_2BPykbobVi/Bx98dtZc4Ves6LJvXCA/8pS6Ds7iy1MLmIYsX5uHS_/2BoRknJx2A5IW/_2BhddqS/olB0zaEdsk_2Fal/9PLaB.jlk
http://museumistat.bar/drew/zlj4U_2BpF/PFbRjIXiIkOSi8ZuS/gT16WYYiNgoB/9_2B2YxIbZB/GHzyVS_2FCpsZN/30zlWVPVZ1aQWCtoYb1cC/_2FKspT3tLM9jLiA/xGf6rlGahWPj7RL/bfghSuOahu_2Bt2kSL/ri7zS6oyT/3ly7ZC_2BZPzSyH_2FWj/iCG_2FcAdsetgeAR3BK/QVbQCXUdBOX1dHgfCEoJo_/2BiGNBBkCFAf9/x7loptWl/faRjCGMaWc9_2F6NZdJ2zIg/fwEDm60.jlk
http://museumistat.bar/drew/DZcSXh7Ng_2FsV0UJ_2F3/GRst_2FHsmEUpTdn/IlRoWuXOQz6AvVB/oHCRIZwCXdu19fzTF6/IJnk9pqyt/R7YThfxVvXjPoTFVxdIp/9ZSBIRr8aNwCdcqsbSD/ubGl_2FCIQSLMzyQKYuoWo/1iFBN06iwUsUZ/fYXG9Rb_/2BfTgXtLPmMRPeRvowhbSh5/36HMJRHO8b/OSGBdiiAUHsyPYUFc/lxohA008GtqJ/Nc8_2BFhn82/lm9LjrPDHsuz/X.jlk
http://museumistat.bar/drew/VV_2BwS8Vr7FLZE_2Bx/hn00HRykakafUORzXuronm/S2NceGwHyG0lw/75DrHXVA/R1_2F_2Fj4Y_2FxlTCM7oLQ/KdAvtV7PTd/INtjv0kJxFO5LBByA/6IEADuWC8M_2/BC2pEweOA_2/FLFj0zJxXN5f0_/2FXT1i0K56I9LZMvALSyv/P7hw8vY32OG3jn28/BOFJl0FutRVUckU/Qu6XnvXUiNRUBGVYb6/29y_2F1_2/FgyW49mKvtH4XdHIh58L/Va1en8p.jlk
http://museumistat.bar/favicon.ico
http://museumistat.bar/drew/9blP_2FAE_2FFwEHiHE7/YS8VB72J_2FAJJllSzs/fyphXYY7W5oXrGE4G68BTo/K6uxe0s8
http://constitution.org/usdeclar.txt
http://constitution.org/usdeclar.txtC:
http://https://file://USER.ID%lu.exe/upd
http://museumistat.bar/drew/m4PVNjgat1g0/6_2Btp70Ci0/aungsV13kBUs5a/u2A8XHXxV0G6qtvrny9S2/1bGzk7Hyzb

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\eutk2hxp\eutk2hxp.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\vgn3eu5f\vgn3eu5f.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\mrf10rqm\mrf10rqm.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
Click to see the 92 hidden entries
C:\Users\user\AppData\Local\Temp\mrf10rqm\mrf10rqm.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\mrf10rqm\mrf10rqm.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\mrf10rqm\mrf10rqm.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\mrf10rqm\CSC601F2F65325C4ADC8E494E5EE1FB1173.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\fyriofhk\fyriofhk.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\fyriofhk\fyriofhk.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\fyriofhk\fyriofhk.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\fyriofhk\fyriofhk.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\fyriofhk\CSC7F089C7BD9A5426483691E56FD9DB0F7.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\vgn3eu5f\vgn3eu5f.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\eutk2hxp\eutk2hxp.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\eutk2hxp\eutk2hxp.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\eutk2hxp\eutk2hxp.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\eutk2hxp\CSC3C520F3552234BD5981E8C2C19975E5B.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\babtdr3v\babtdr3v.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\babtdr3v\babtdr3v.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\babtdr3v\babtdr3v.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\babtdr3v\babtdr3v.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\babtdr3v\CSC990A060DA8974A64BF3BB68C9993246.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yelyat4t.ngd.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvtk34pq.xbg.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\~DF5CE6EAEE725046DD.TMP	data	#
C:\Users\user\Documents\20220119\PowerShell_transcript.287400.mbM60WFd.20220119115055.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20220119\PowerShell_transcript.287400.MVq65tiG.20220119115053.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20220119\PowerShell_transcript.287400.J0uOBENL.20220119115046.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20220119\PowerShell_transcript.287400.J0NW8DwT.20220119115047.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DFFE80833AB219EB3E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFC2991413B3C0351D.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBDF8A0AFC4330C88.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFB5526166FCAF7E1F.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFABD2BAAC7D7BDC70.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7C8DCB96582EFF13.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF643103C7B422ACDB.TMP	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ulyjupso.1ye.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\~DF3F633016F59AC3E1.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF310076119A1B03ED.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF228A52FBB344471E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF1E4DB491563E663B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF1A1A38B1DEC70135.TMP	data	#
C:\Users\user\AppData\Local\Temp\yycrjy0w\yycrjy0w.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\yycrjy0w\yycrjy0w.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\yycrjy0w\yycrjy0w.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\yycrjy0w\yycrjy0w.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\yycrjy0w\CSCDAC2BC21A294475B86B2FDF784B11415.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\vgn3eu5f\vgn3eu5f.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED0422-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\61e7ecfaebed4[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\61e7ecf95f22c[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\61e7ecf8f3a99[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\61e7ecf8ef324[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\61e7ecf40e475[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\61e7ecfdaae1b[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\61e7ecfd1c2f6[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\61e7ecfc9b07f[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\61e7ed0289129[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\61e7ecff6e9a1[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\61e7ecf72c368[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\61e7ecfb30839[1].bin	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED0420-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED041E-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED041C-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED041A-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED0418-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FED0416-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09BDEB62-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09BDEB60-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09BDEB5E-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09BDEB5C-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09BDEB5A-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Temp\5nzflxas\5nzflxas.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tjdcwq0i.u43.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sopdgebh.ooj.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ps3slfo1.dmj.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mb5zdlfp.z1g.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0eawyjup.aqv.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\RES522D.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RES4D3C.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RES49B1.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RES4702.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\5nzflxas\CSCCA0D8D115C84DA1A0293F6BF85846.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09BDEB58-7961-11EC-90E9-ECF4BB862DED}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Temp\5nzflxas\5nzflxas.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\5nzflxas\5nzflxas.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\5nzflxas\5nzflxas.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\11mxocay\CSCC5AC99B8323C4ED88D9ECC76C0BE5E59.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\11mxocay\11mxocay.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\11mxocay\11mxocay.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\11mxocay\11mxocay.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\11mxocay\11mxocay.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#

status.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

status.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

status.dll