Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
04-12-2020 16:06
Static task
static1
Behavioral task
behavioral1
Sample
d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll
-
Size
215KB
-
MD5
62b7ea5ab0744916690bfbb5321dd79a
-
SHA1
0c01a0d3bf8424cdaacee548951245aca3bac0af
-
SHA256
d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833
-
SHA512
c0485ef12df823e48a2a90f21f3ce1c2575eab5635321e9c16fb4ceb94a62b9504b16b7ab021afcc95222acf8c86cb37bccf79408d05b9a36c5127f4935f09ec
Score
1/10
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0510861-3652-11EB-B37E-EE45CAFA0C11} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 1744 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 1744 iexplore.exe 1744 iexplore.exe 860 IEXPLORE.EXE 860 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exeiexplore.exedescription pid process target process PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1048 wrote to memory of 1996 1048 rundll32.exe rundll32.exe PID 1744 wrote to memory of 860 1744 iexplore.exe IEXPLORE.EXE PID 1744 wrote to memory of 860 1744 iexplore.exe IEXPLORE.EXE PID 1744 wrote to memory of 860 1744 iexplore.exe IEXPLORE.EXE PID 1744 wrote to memory of 860 1744 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll,#12⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx