627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188 | Triage

Analysis

max time kernel
200s
max time network
199s
platform
windows10_x64
resource
win10-en-20211104
submitted
30-11-2021 13:20

Sharing

Report Analysis Logs

General

Target

627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
Size

133KB
MD5

099933e55bc8d3f2b674b737f8a533c9
SHA1

a7841a275c957e007ed20b088455c577bbe88c40
SHA256

627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188
SHA512

7b04ed8fc6892deb6c571d54c306e94ed5082644555ff74e3a3d8cd83459d49366075c3c770e7ce720176c09162d01a67ebe6e565ffb4619ac4ea5627a800fe6

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2728 wrote to memory of 2776	2728	regsvr32.exe	regsvr32.exe
PID 2728 wrote to memory of 2776	2728	regsvr32.exe	regsvr32.exe
PID 2728 wrote to memory of 2776	2728	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2728

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
2⤵
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2776-118-0x0000000000000000-mapping.dmp

Download
memory/2776-119-0x0000000000800000-0x000000000094A000-memory.dmp

Filesize
1.3MB

Download