mpXUd364Rz.dll

Status: finished
Submission Time: 2022-03-23 12:28:49 +01:00
Malicious
Trojan
Evader
Dridex

Comments

Tags

  • Dridex
  • exe

Details

  • Analysis ID: 595330
  • API (Web) ID: 962755
  • Analysis Started: 2022-03-23 16:11:09 +01:00
  • Analysis Finished: 2022-03-23 16:29:04 +01:00
  • MD5: 76a03b741a85be73b47b1a72cea1becb
  • SHA1: f453704ee0177d5771766870bc871e7c048a6c61
  • SHA256: 7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339
  • Technologies:
Reports

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Engine verdicts and scores:

  • malicious, 100/100
  • malicious, 43/67
  • malicious, 22/35
  • malicious, 37/42
  • malicious

Dropped files

Name | File Type
C:\Users\user\AppData\Local\4gdyz\XmlLite.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\E4DREUfrP\VERSION.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\SUX56B\UxTheme.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\USNBng\WTSAPI32.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\lcdNfR\SYSDM.CPL | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\tivYqgA\newdev.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\4gdyz\sppsvc.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\E4DREUfrP\iexpress.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\JvUQhw\MusNotificationUx.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\JvUQhw\XmlLite.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\KGg\VERSION.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\KGg\iexpress.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FileHistory.exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\SUX56B\FileHistory.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\USNBng\MDMAppInstaller.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\lcdNfR\SystemPropertiesComputerName.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\pUTm\SYSDM.CPL | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\pUTm\SystemPropertiesAdvanced.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\tivYqgA\InfDefaultInstall.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\xwE\VERSION.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\xwE\wextract.exe | PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a | data