
BJp3aUvrt9.dll

Status: finished
Submission Time: 2022-05-17 10:50:11 +02:00
Malicious
Trojan
Evader
Ursnif

Comments

Tags

  • dll

Details

  • Analysis ID:
    628121
  • API (Web) ID:
    995625
  • Analysis Started:
    2022-05-17 10:59:07 +02:00
  • Analysis Finished:
    2022-05-17 11:09:48 +02:00
  • MD5:
    9046f78804227bd742d558325fa8f4c0
  • SHA1:
    37ddabb88b909290e1da368f275448a880887482
  • SHA256:
    e34af6effb596517e32ddf82fb283e8b844ec34d373f4e04e93e9916d26c287d
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
13/41

malicious

IPs

IP              Country      Detection
185.189.151.70  Switzerland
185.189.151.28  Switzerland

URLs

Name                                                                                                         Detection
http://185.189.151.28/
http://185.189.151.28/drew/Gno4E_2Fz/JYCqWA_2FqMmY1RZwoiB/wugIArNn94bFR0HD9u1/3DvnzuRELDO66MgbIMgnTX
http://185.189.151.70/?
http://185.189.151.70/
http://185.18

Dropped files

Name / File Type / Hashes / Detection

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE732.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8F.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_13ec5c98984773435626ad7d5b7558cb4938ccf_7cac0383_1985ef9c\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_61eae61638761e2a39674020347ca413fb22393_7cac0383_19cdd4c1\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_b75bd23440526356a090f9cb45508f9dce6e86_7cac0383_1ada168d\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1046.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB04.tmp.dmp
    Mini DuMP crash report, 15 streams, Tue May 17 18:00:35 2022, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD7E.tmp.dmp
    Mini DuMP crash report, 15 streams, Tue May 17 18:00:19 2022, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD06D.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD1D5.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1F0.tmp.dmp
    Mini DuMP crash report, 15 streams, Tue May 17 18:00:25 2022, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE56C.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators