8d2f90927603c33947463dc9846dc1b7a220ea1f13dc1a0ccfe538d5f83bbfe2

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 22:24

Target

ursnif_IAT_corrected.exe.dll
Size

56KB
MD5

8b52c277c63c5877c0e4ca32d1458957
SHA1

1d64f4610c6e0af8a3e3a9d8e8b794fc1bebeef5
SHA256

8d2f90927603c33947463dc9846dc1b7a220ea1f13dc1a0ccfe538d5f83bbfe2
SHA512

9f7022155d4764e625fe1a6b5377eed4b2e7620a9bd03c7f5474112de30bb60b7898c5e9a325035544d01c3621bff103f6b857373d146c1f622772e1abbf1b99
SSDEEP

768:A2KGmsx3R69vSvjyRpq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiu6:wGBx3R6iApqlaPGhVMq2LpeReOb2Pmp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ursnif_IAT_corrected.exe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ursnif_IAT_corrected.exe.dll
  2⤵
  PID:1732

memory/1104-54-0x000007FEFBDB1000-0x000007FEFBDB3000-memory.dmp

Filesize
8KB

Download
memory/1732-55-0x0000000000000000-mapping.dmp

Download
memory/1732-56-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download