Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
04-12-2020 16:06
General
-
Target
d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll
-
Size
215KB
-
MD5
62b7ea5ab0744916690bfbb5321dd79a
-
SHA1
0c01a0d3bf8424cdaacee548951245aca3bac0af
-
SHA256
d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833
-
SHA512
c0485ef12df823e48a2a90f21f3ce1c2575eab5635321e9c16fb4ceb94a62b9504b16b7ab021afcc95222acf8c86cb37bccf79408d05b9a36c5127f4935f09ec
Score
1/10
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 22 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8df18849768df726880d2f0cfada92fdb874d98d325c9b7fd7a3082cb665833.ursnif.dll,#12⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/860-4-0x0000000000000000-mapping.dmp
-
memory/1560-3-0x000007FEF77C0000-0x000007FEF7A3A000-memory.dmpFilesize
2.5MB
-
memory/1996-2-0x0000000000000000-mapping.dmp