HxEWwh74qT.dll

Status: finished

Submission Time: 2022-04-22 15:25:22 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
613862
API (Web) ID:
981379
Analysis Started:

2022-04-22 15:25:25 +02:00
Analysis Finished:

2022-04-22 15:41:09 +02:00
MD5:
5d2b5cbd8a574c9e35309e21ecf93a0e
SHA1:
c15e583e28556f5d187197937b4d2a715ebf8ca7
SHA256:
52d14c9cd56aa41ba98a24a4a3dc3674f7e281c3d79f6aca141382fb56585bcd
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 25/68

malicious

Score: 13/42

IPs

IP	Country	Detection
146.70.35.138	United Kingdom

Domains

Name	IP	Detection
l-0007.l-dc-msedge.net	13.107.43.16
a-0019.standard.a-msedge.net	204.79.197.222

URLs

Name	Detection
http://146.70.35.138/phpadmin/1p0semBcWFOiJ/VuHxHtu5/AN830nRWQ1d2xctaoA3KLHR/918Z9VEhPV/P8ohXldFwnNmepL6Q/uKTfc4fmSrkK/BfYNKcK_2Bx/w_2FA1ltM5KCgm/3UT06OWaufeDOP8Oq_2FL/oIF6meLVrySmPHH0/RIFJ_2FHuhWguIS/4hvBrDpXZ_2FB9M_2F/VjlCK_2FC/TflkNLJtzRIEzaze5_2F/wDsLbDghNL5li48V5rm/4qe0lRbO5_2FdP6RKk3aIg/j40b09twfw_2F/PdHkwNcC/i0_2BVuZ/L.src
http://146.70.35.138/phpadmin/sJOLDU_2FhOUoo/k46SW66GV6I1pQKjWA9TE/PWpby4hvIkOnAKsS/x0Aee5T7Xyol_2F/mHBJFq72pa7ZryIdq5/j7jpLfh_2/B9C_2B8rr1N7pwYs7Hbz/HAjnG5DvkxUUwsnvZ2H/7mKa3lBAhH1k0Vg5CBUe72/SPp1Kc_2FZv6K/7UGQxmIh/q1dxSy205p9HqV1EWhDaIi0/wpq760vWJe/2wvTRaTBNSXKAlgWL/PHcpI3wJ6a_2/BROCpFJpoTX/N2ZuQyATVgKAeO/_2Fd3SdF.src
http://https://file://USER.ID%lu.exe/upd
Click to see the 7 hidden entries
http://ns.adobY
http://constitution.org/usdeclar.txt
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\RESD841.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols	#
C:\Users\user\Documents\20220422\PowerShell_transcript.910646.1Eiln6hD.20220422152728.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\pkbugtxo\pkbugtxo.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
Click to see the 26 hidden entries
C:\Users\user\AppData\Local\Temp\pkbugtxo\pkbugtxo.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\pkbugtxo\pkbugtxo.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\pkbugtxo\pkbugtxo.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\pkbugtxo\CSC26C720E9EBC041F086604EECC7DD3CDD.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\lboh4mlq\lboh4mlq.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\lboh4mlq\lboh4mlq.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\lboh4mlq\lboh4mlq.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\lboh4mlq\lboh4mlq.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\lboh4mlq\CSC3DF21D054A9F4C66BF1FA9CD771B1F79.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xeni10bs.j5c.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_itmkjels.31u.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\RESED31.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_2828325eddc3a9f8faabde465b0f08bdb67a44e_7cac0383_17ca004a\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7B1.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF629.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2CD.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 22:26:59 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD237.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0A0.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD53.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 22:26:50 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBFA9.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE12.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8D1.tmp.dmp	Mini DuMP crash report, 15 streams, Fri Apr 22 22:26:45 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_f73ca53a05f727fe3c280efd3588c9d22d24062_7cac0383_0d5dc489\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_82d8da601ff98714cf9338fbdd7f7aa4314182a_7cac0383_186e5281\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#

HxEWwh74qT.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

HxEWwh74qT.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

HxEWwh74qT.dll