GpUSRuIBHx.dll

Status: finished

Submission Time: 2022-03-23 12:28:47 +01:00

Malicious

Trojan

Evader

Dridex

Comments

Details

Analysis ID:
595305
API (Web) ID:
962745
Analysis Started:

2022-03-23 15:41:43 +01:00
Analysis Finished:

2022-03-23 16:00:19 +01:00
MD5:
288c35481252c1212cbb764c490c2ad8
SHA1:
9c48ba2239b5ae5675d0eb6b92cf0a37884403fd
SHA256:
cb793c295b0bcd3baec5546b7176cdfdf10b0a9291d958c72eb85551825d22d6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 47/67

Open Full Report

malicious

Score: 22/35

malicious

Score: 37/42

malicious

Domains

Name	IP	Detection
dual-a-0001.a-msedge.net	204.79.197.200
canonicalizer.ucsuri.tcs	0.0.0.0

URLs

Name	Detection
http://ns.adobY

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\bTcR2e\SndVol.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\2Yf2pw501\WTSAPI32.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\bTcR2e\dwmapi.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
Click to see the 28 hidden entries
C:\Users\user\AppData\Local\rDAhA\WMsgAPI.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\6f22a\UxTheme.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\CSYG\DUI70.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\LoReH\OLEACC.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\D6R1uM\DUser.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\2HophZ6P\XmlLite.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Fjrn\WINSTA.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\op5PCy\DUI70.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\l5T\XmlLite.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\l5T\omadmclient.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\oOQGGow\DUI70.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\oOQGGow\ProximityUxHost.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Kyz7D\rdpinput.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\op5PCy\phoneactivate.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\rDAhA\consent.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\eb42b1a5c308fc11edf1ddbdd25c8486_d06ed635-68f6-4e9a-955c-4899f5f57b9a	data	#
C:\Users\user\AppData\Local\Ui9PsZ9\OLEACC.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FileHistory.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\LoReH\SnippingTool.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Kyz7D\WTSAPI32.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\G6gv6e\UxTheme.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\G6gv6e\AtBroker.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Fjrn\rdpinput.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\D6R1uM\Utilman.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\CSYG\DmNotificationBroker.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\6f22a\FileHistory.exe	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\2Yf2pw501\slui.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\2HophZ6P\printfilterpipelinesvc.exe	PE32+ executable (GUI) x86-64, for MS Windows	#

GpUSRuIBHx.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

GpUSRuIBHx.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

Search started

GpUSRuIBHx.dll