Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

3r0Cgcbr8c.dll

Status: finished
Submission Time: 2022-04-28 10:34:16 +02:00
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Comments

Tags

  • dll

Details

  • Analysis ID:
    617154
  • API (Web) ID:
    984662
  • Analysis Started:
    2022-04-28 10:34:16 +02:00
  • Analysis Finished:
    2022-04-28 10:46:59 +02:00
  • MD5:
    9c2ba02350538f6a4392c85f44550949
  • SHA1:
    bf9d4375e2ad199794db8fb4887b148dc628b4f9
  • SHA256:
    4216810c4c1d5c0ef229668e1b7180a02610369674a2b9af93fbc9854eaccfa7
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 13/42

IPs

IP Country Detection
94.140.115.8
 Latvia

URLs

Name Detection
http://94.140.115.8/drew/50s8s_2Fm/cVudhHX9qhkwnZn8YGEa/1_2FluFvn0rgITgZHrA/wgcOmIc7KszdPMRNYAwCGU/riR21HHqBfnky/h3W8R7X2/i4XUx7MW7pUIRFpHREax99S/CeaSmQqUkf/_2FQJb20GfOBx67Hv/vcYd4qEFb5vs/GCAhrG_2F_2/Fs8jogZPWA_2BZ/E84C3VPBHuhbD17con0IW/u18AFJcaJWYZ53TT/SBbkABZO2lEW2gv/N0JCn4zxEtu_2BD1lC/F07n5Kpw2LWAlyB/hwLOToT.jlk
http://94.140.115.8/drew/WXsBbTk_2FBXBK/mS8Hu3n2DbeYWVwpxggIZ/cAzhqJf7aBOMcFyZ/ERg2cki7hXSFbet/cCn9kY_2Baq8v2FrSn/Rei5wg7J9/Qsu_2FMujMKTcbcDzJ0J/AhSY_2BVu9QQM_2FYvA/N7OdLSd3CjR0pY4_2FFyUB/GOmdiT9hoha13/v02bkkOg/EJzbMo_2FrexM_2BofdpAOE/xgFjJDpwMl/8SxBhJlVDNq8aMCyL/7JDY3gS5rUN7/gZQ5T5rpdKF/AFQ_2BiwFrwd7d/YmSmnBkM9/kco.jlk
http://https://file://USER.ID%lu.exe/upd
Click to see the 2 hidden entries
http://constitution.org/usdeclar.txt
http://constitution.org/usdeclar.txtC:

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\RES2B5B.tmp
 Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols
 #
C:\Users\user\Documents\20220428\PowerShell_transcript.468325.WGQFiXaw.20220428103607.txt
 UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\iig1japh.out
 UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
 #
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Temp\iig1japh.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\iig1japh.cmdline
 UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\iig1japh.0.cs
 UTF-8 Unicode (with BOM) text
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yympvmax.25e.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrh5g1xw.2sy.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\RESE3E.tmp
 Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
 data
 #
C:\Users\user\AppData\Local\Temp\CSC8E8486282EA843C08CB8749684F1E69.TMP
 MSVC .res
 #
C:\Users\user\AppData\Local\Temp\CSC1476D44366854E63BD1CA8712B7CCE92.TMP
 MSVC .res
 #
C:\Users\user\AppData\Local\Temp\0hvnxdzw.out
 UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
 #
C:\Users\user\AppData\Local\Temp\0hvnxdzw.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\0hvnxdzw.cmdline
 UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\0hvnxdzw.0.cs
 UTF-8 Unicode (with BOM) text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
 data
 #