
GpUSRuIBHx.dll

Status: finished
Submission Time: 2022-03-23 12:28:47 +01:00
Malicious
Trojan
Evader
Dridex

Tags

  • Dridex
  • exe

Details

  • Analysis ID: 595305
  • API (Web) ID: 962745
  • Analysis Started: 2022-03-23 15:41:43 +01:00
  • Analysis Finished: 2022-03-23 16:00:19 +01:00
  • MD5: 288c35481252c1212cbb764c490c2ad8
  • SHA1: 9c48ba2239b5ae5675d0eb6b92cf0a37884403fd
  • SHA256: cb793c295b0bcd3baec5546b7176cdfdf10b0a9291d958c72eb85551825d22d6

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict     Score
malicious   100/100
malicious   47/67
malicious   22/35
malicious   37/42
malicious

Domains

Name                       IP               Detection
dual-a-0001.a-msedge.net   204.79.197.200
canonicalizer.ucsuri.tcs   0.0.0.0

URLs

Name              Detection
http://ns.adobY

Dropped files

Name File Type Hashes Detection