
CJu1sWJfWk.dll

Status: finished
Submission Time: 2022-03-23 12:28:49 +01:00
Malicious
Trojan
Evader
Dridex

Tags

  • Dridex
  • exe

Details

  • Analysis ID: 595319
  • API (Web) ID: 962753
  • Analysis Started: 2022-03-23 16:01:37 +01:00
  • Analysis Finished: 2022-03-23 16:20:10 +01:00
  • MD5: 2a52d4cc48659ad06386e6f1ddb17613
  • SHA1: fb551a1f927e6b86fb2e8281d4f09a753e5a7f5b
  • SHA256: ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
52/68

malicious
22/35

malicious
37/42

malicious

Dropped files

Name | File Type
C:\Users\user\AppData\Local\4hM96ANL\ReAgent.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\KN4et9\WINSTA.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\PVsO8HfRn\dwmapi.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\YMJtPINjt\WINMM.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\iSZdEuUQU\mmcbase.DLL | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\ns1MY\WTSAPI32.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\oNo29a9yW\MFPlat.DLL | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\oNo29a9yW\mfpmp.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\oQi\VERSION.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\qpscHm\MFC42u.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\4hM96ANL\systemreset.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\KN4et9\RdpSaUacHelper.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\PVsO8HfRn\Dxpserver.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\V3ju9LunR\WINSTA.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\V3ju9LunR\rdpinit.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\YMJtPINjt\irftp.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\iSZdEuUQU\mmc.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\ns1MY\slui.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\oQi\unregmp2.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\qMQ4Qr\dwmapi.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\qMQ4Qr\mblctr.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\qpscHm\FXSCOVER.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\xHBXOX9\WTSAPI32.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\xHBXOX9\rdpinit.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a | data