Analysis
- max time kernel: 200s
- max time network: 199s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 30-11-2021 13:20
Static task: static1
Behavioral task: behavioral1
- Sample: 627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: 627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
- Resource: win10-en-20211104
General
- Target: 627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
- Size: 133KB
- MD5: 099933e55bc8d3f2b674b737f8a533c9
- SHA1: a7841a275c957e007ed20b088455c577bbe88c40
- SHA256: 627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188
- SHA512: 7b04ed8fc6892deb6c571d54c306e94ed5082644555ff74e3a3d8cd83459d49366075c3c770e7ce720176c09162d01a67ebe6e565ffb4619ac4ea5627a800fe6
Malware Config
Signatures
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: regsvr32.exe
  description | pid | process | target process
  PID 2728 wrote to memory of 2776 | 2728 | regsvr32.exe | regsvr32.exe
  PID 2728 wrote to memory of 2776 | 2728 | regsvr32.exe | regsvr32.exe
  PID 2728 wrote to memory of 2776 | 2728 | regsvr32.exe | regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\627eb63f8ad3da2b0e9e440379c3eea989d33a4470141cba80f8e199051cf188.dll