=

We are hiring! Windows Kernel Developer (Remote), apply here!

BJp3aUvrt9.dll

Status: finished

Submission Time: 2022-05-17 10:50:11 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
628121
API (Web) ID:
995625
Analysis Started:

2022-05-17 10:59:07 +02:00
Analysis Finished:

2022-05-17 11:09:48 +02:00
MD5:
9046f78804227bd742d558325fa8f4c0
SHA1:
37ddabb88b909290e1da368f275448a880887482
SHA256:
e34af6effb596517e32ddf82fb283e8b844ec34d373f4e04e93e9916d26c287d
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						13/41

IPs

IP	Country	Detection
185.189.151.70	Switzerland
185.189.151.28	Switzerland

URLs

Name	Detection
http://185.189.151.28/
http://185.189.151.28/drew/Gno4E_2Fz/JYCqWA_2FqMmY1RZwoiB/wugIArNn94bFR0HD9u1/3DvnzuRELDO66MgbIMgnTX
http://185.189.151.70/?
Click to see the 2 hidden entries
http://185.189.151.70/
http://185.18

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE732.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8F.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_13ec5c98984773435626ad7d5b7558cb4938ccf_7cac0383_1985ef9c\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
Click to see the 9 hidden entries
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_61eae61638761e2a39674020347ca413fb22393_7cac0383_19cdd4c1\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_b75bd23440526356a090f9cb45508f9dce6e86_7cac0383_1ada168d\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1046.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB04.tmp.dmp	Mini DuMP crash report, 15 streams, Tue May 17 18:00:35 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD7E.tmp.dmp	Mini DuMP crash report, 15 streams, Tue May 17 18:00:19 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD06D.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD1D5.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1F0.tmp.dmp	Mini DuMP crash report, 15 streams, Tue May 17 18:00:25 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE56C.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#