
AyBhhRZXPj.dll

Status: finished
Submission Time: 2022-03-23 12:28:46 +01:00
Classification: Malicious, Trojan, Evader, Dridex

Comments

Tags

  • Dridex
  • exe

Details

  • Analysis ID:
    595303
  • API (Web) ID:
    962743
  • Analysis Started:
    2022-03-23 15:40:41 +01:00
  • Analysis Finished:
    2022-03-23 15:59:53 +01:00
  • MD5:
    518cc4a9888e76bc1a916fd67a08a075
  • SHA1:
    148d6f12f12a0cae195f36f4319839f6687b7144
  • SHA256:
    57b0d95f62fc7999dd21b6a0aef4087ad855ccb2d28b99463ee6c88ddf037009
  • Technologies:

Verdict

  • Verdict: malicious
  • System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Score: 100/100 (malicious)
  • Further detection ratios: 47/67 (malicious), 23/37 (malicious), 37/42 (malicious)

URLs

Name (no detection is listed for any entry; several strings are fused format-string fragments as extracted from memory)

  • https://mixer.com/api/v1/chats/%.0fhttps://mixer.com/api/v1/users/currentBEAM_IMAGEGamesGuide::BeamC
  • https://MediaData.XboxLive.com/screenshots/Augment
  • https://mixer.com/api/v1/chats/%.0f
  • https://aka.ms/ifg0es
  • https://mixer.com/%ws
  • https://aka.ms/w5ryqnhttps://aka.ms/imfx4kQUITTING
  • https://aka.ms/w5ryqn
  • https://mixer.com/api/v1/oauth/xbl/login
  • https://profile.xboxlive.com/users/me/profile/settings?settings=GameDisplayPicRaw
  • https://aka.ms/imrx2o
  • https://mixer.com/_latest/assets/emoticons/%ls.png
  • https://mixer.com/api/v1/users/current
  • https://mixer.com/_latest/assets/emoticons/%ls.pngtitleIdaumIdkglIdprocessNamenametypeIdmultimedia
  • https://mixer.com/api/v1/broadcasts/current
  • https://mixer.com/%wsWindows.System.Launcher
  • https://aka.ms/v5do45
  • https://mixer.com/api/v1/types/lookup%ws
  • https://MediaData.XboxLive.com/broadcasts/Augmenthttps://MediaData.XboxLive.com/screenshots/Augmenth
  • https://aka.ms/wk9ocd
  • https://MediaData.XboxLive.com/broadcasts/Augment
  • https://aka.ms/imfx4k
  • https://www.xboxlive.comMBI_SSLhttps://profile.xboxlive.com/users/me/profile/settings?settings=GameD
  • https://MediaData.XboxLive.com/gameclips/Augment
  • https://www.xboxlive.com
  • https://mixer.com/api/v1/channels/%d
  • https://mixer.com/api/v1/types/lookup%wshttps://mixer.com/api/v1/channels/%wshttps://mixer.com/api/v
  • https://mixer.com/api/v1/channels/%ws

Dropped files

Name and File Type (no hashes or detections are listed for any entry)

  • C:\Users\user\AppData\Local\NYpervHTp\MFC42u.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Odp\dwmapi.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\QpruqOk1\DUI70.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\iv505rrw\XmlLite.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\pkru2Wsoo\VERSION.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rgsL2C4\WTSAPI32.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\u70W8\UxTheme.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FileHistory.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\NYpervHTp\mspaint.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Odp\GamePanel.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\QpruqOk1\wlrmdr.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\iv505rrw\omadmclient.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\pkru2Wsoo\PresentationHost.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\rgsL2C4\BdeUISrv.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\u70W8\FileHistory.exe
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\vVin\VERSION.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\vVin\unregmp2.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    data