33.0.0 White Diamond
IR
481103
CloudBasic
11:05:32
10/09/2021
CGd7lq6RDL.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
c7b71f03f190a5da3e4976f37194419f
8e750d01e1a5edb2c320e1b0b703b5823f241587
930d54df724f1637f38d840e1822fa8f5cccedceb4b86d0e737e2311162e0921
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
80
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{06650DBE-1262-11EC-90E5-ECF4BB2D2496}.dat
false
91D74D68B43CCDAE94C1706D038C8A1A
8227029E9BA7F0E28E4DCC141EB41BBA47EF138A
C866FCEBE96AF3868188B0AC5293E9AE25A2D08CDBAD0933AE71F2F37BCDF248
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0443E1A-1261-11EC-90E5-ECF4BB2D2496}.dat
false
0E5636275C441CD90C269D5C6EF99D80
7F044DC2479A60F9AA3AC28957322EB0E1669E4D
A71C123B695592F824A3E57997E78CA48F243820109E60294A8170227E8BD53E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06650DC0-1262-11EC-90E5-ECF4BB2D2496}.dat
false
7FA8DD3F4FB00A17B2C41F231E9A0E07
BDCEB0136D5E5C3394AFF432B30CF297D9A32E33
15E70B605701F421505DFC949C2F0273418CB913CDF5A2376B3E44354A21FF56
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0443E1C-1261-11EC-90E5-ECF4BB2D2496}.dat
false
C81D77FE65821897EC6BDED4CDDB1153
AB2D019A9C9E781534D1ED5358C5A46C801AF633
1DA4003576AAD9DECA1E93655F7FFF67F88E1EEFAB0FED707374B867A076029A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
false
720C1B6AE76C69288735B54685FF20F6
116894018C32921C13272B3442A02A97B84FF73A
7EF6FCC9BC4CBBDFD4D6FFA5348FCC30187B5DFDC00DA7F7D7097196BBD227F9
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
false
6E339B98FAEC4B8200B314938FD4C7F6
B6572CF80F6BECD31325FA024BCF4029DBD3A5AA
C6104511DC96081C1E30333DC40B46D18CF336049BE480FDBE454A4CABA52BAF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
false
9F1828F27A4F7BED74A2D84A6130EDB4
B312E021BC2C22E7E4B8A8E641C97A488C18261D
32E1858AEB47481FDF276C220FB0B9B4C94DEDED69F767F180A17C579437A805
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
false
6D86F9B2BC32E5AAD8FDB49FFD43F94A
B2CD5F8A87D637F5C6E2C87C5CE4C459F9C7476E
C507957165F8EFB8BBD112C908FCADEB73E9C692A74F5029C760F2833DC91C3D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
false
8558B33EC3D187F4FEF608A562E12D80
C23BFD2A6FF524C8A9715E511AADE7098557E533
BCC0B19E079D29D80757A892E266CBA59A1995B3DC3A35ECAD56734F3BBA2C90
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
false
94B687BCE7F42C5FCE98156DCCFE1165
EA18499D3B3777B83145C8110A688BDBE3536772
6CDFB7D1E0467264EE8C0418794EAADE5209140F06B5721B921F4FC81BD7EE93
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
false
D1BB70C7AEC00622B4B93AAF50742418
3D191B22DE45823A85E2B2151842F88EA2DD159B
F25615F8A56F3B23763B8A7DD15C1C117909C685F3B7CAF6D071107EA2FCC28D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
false
8FFB06B03840C41C277CF7B6C3EDF51C
1ABDF733FB6F9183040F0443B3206FBBBB0BB692
E53959D9D9012CBD7602EA6E30B632AF76113536B96855F7D88602B2E770BC17
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
false
8A8289DB3625D7AFB565EC722F6AA989
2551F20C55637F97DCE84BA7A9B74F5C06C474AD
537D95D201DD28532C259CAC26D3A9E917CBBE6B4D39B25FA265B291D139802D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\NewErrorPageTemplate[1]
false
DFEABDE84792228093A5A270352395B6
E41258C9576721025926326F76063C2305586F76
77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\down[1]
false
C4F558C4C8B56858F15C09037CD6625A
EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[1]
false
D65EC06F21C379C87040B83CC1ABAC6B
208D0A0BB775661758394BE7E4AFB18357E46C8B
A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[1]
false
DFEABDE84792228093A5A270352395B6
E41258C9576721025926326F76063C2305586F76
77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\dnserror[1]
false
2DC61EB461DA1436F5D22BCE51425660
E1B79BCAB0F073868079D807FAEC669596DC46C1
ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[1]
false
C4F558C4C8B56858F15C09037CD6625A
EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\httpErrorPagesScripts[1]
false
9234071287E637F85D721463C488704C
CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\dnserror[1]
false
2DC61EB461DA1436F5D22BCE51425660
E1B79BCAB0F073868079D807FAEC669596DC46C1
ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\errorPageStrings[1]
false
D65EC06F21C379C87040B83CC1ABAC6B
208D0A0BB775661758394BE7E4AFB18357E46C8B
A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\httpErrorPagesScripts[1]
false
9234071287E637F85D721463C488704C
CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
false
2255590FBF7B2B2DE3B8ABF420E87CE1
49D48DC36BAC1FE9D0AC98A2C981451B3A3B213F
9230DC2F04354883072E5A1F94D04C9F618E863937CAC067992C5500F937E91C
C:\Users\user\AppData\Local\Temp\~DF54FE3B7C7FD18873.TMP
false
EBBDD5B53D8E906796F7500DD2255B8D
134C6ED30946D5C9B8D052EF9D3F5D6FEEE45602
578F3EE53F83BF3D32B9D77EE25801BF0F7885C1878BD52DA67151936CCFFE70
C:\Users\user\AppData\Local\Temp\~DF849AFB3A04ECE3BF.TMP
false
D02335560B534BE6D104EB2EB3FB9272
3C720A2CB2EEC0F62A256E4FA314E5CD2195312F
1602942D59034772849BAE5AF52258B4D4EFA68E4F0172BB634E09A4F551617E
C:\Users\user\AppData\Local\Temp\~DF9956526A696EBC76.TMP
false
E579AF038EA387295A731A257EA4BC05
9AF1A8BF9BDF61AEEE4C4264C454414A36B8D1C4
6B2DA325B9D1F280C27A0E08061DD874D86BBD80A8FF4A2282A36FF2F04471EA
C:\Users\user\AppData\Local\Temp\~DFD9B906886E0EC1C2.TMP
false
7AC15FDA26FE401C71736DE922177826
FCC5B6B4616DE0E693444C8720BDBA92E4EB8FB9
2A0C19E55C64CB545BC8A80D78C406AD56B6477CAE0EBC9866A0E4155D1913CE
192.168.2.1
haverit.xyz
true
unknown
Yara detected Ursnif
Detected unpacking (changes PE section rights)
Writes or reads registry keys via WMI
Writes registry values via WMI
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Yara detected Ursnif