33.0.0 White Diamond
IR
500299
CloudBasic
22:32:39
11/10/2021
B6VQd36tt6.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: c4c060ec6b1e42d70972d0af66a04e66
SHA1: 3ef84847fceb31b8814c12c94c57c72a5281d6f5
SHA256: 47715e425398283d53019c270311ad0c709f660048d2f884d5116d80b983743f
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
96
0
100
5
0
5
false
Dropped files (Path | Malicious | MD5 | SHA1 | SHA256):
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_09f0aab7\Report.wer | false | A7E04B92D3FF2630B68DB7BFD15F234B | 2DC4F227B387515B9B2F85292925E3A6130D8F89 | 7A24FFCD6511ABEE0C923E0CB5AE405DC37DC14AE082A11B676FC554076A5398
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_70ca6d92bb7cd6d05a398077544511f8e964d76_82810a17_06908bb5\Report.wer | false | 3BE35060EBF507559C93F8D1F5EB195B | 5F8B547C0693CD5BBECA73FA322D9C3FE9B65353 | E7F44AE2CEF8BFE2CF014F4D3548912DDCE95B11ED79A28B7E5A7042C0CBA7E3
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_70ca6d92bb7cd6d05a398077544511f8e964d76_82810a17_06a0b526\Report.wer | false | 85950B9E9E4E67DE8E5F06F24CC9BF90 | EBD85516F99D3D3DC07BB5BFBA834EAE487D708E | 9A31F447CB4C034FAD9CD7856D8CEB9107F86ACDB1D517B353913F72402B0405
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B10.tmp.dmp | false | 1F86AC58A89B09958F6BBDF996932D6C | B5C051402F31C21C47DFEBB77F853F1744BFA5EF | DDA9149E21CEEC51431DE39AD01BAEA1411ECBEF9E04D6C826CC950CE8F74BAE
C:\ProgramData\Microsoft\Windows\WER\Temp\WER63AC.tmp.WERInternalMetadata.xml | false | E03C343BC0633FAF3DF69A060E98C747 | 5135A8DF7F0E81B7FC6A480ADE2DC1B7CB8926FA | 29B00A99BF02D4F8D6906AD9996D4761AEA35B9A30E92FE4D37154522EA81CF4
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67D4.tmp.xml | false | FD9057D258E84F2AB9F3DA66302684D2 | CFB67DC24CA388AA63C520A6A9C376283464903B | 2BFE2A84C2D32CFCB07775E0AB48253E5FAC997C9176F069895CE7C53BA34D66
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D9E.tmp.dmp | false | 10D974B64FF526B2A6BE856FEAE7A23C | 2F9FEF4D1C2749CE1B3276CBB0C22DED5C762898 | 469BEB63A87C03FF1FE513482FC8AE36E771E67EB2B6AAB9097A41919D47CA2C
C:\ProgramData\Microsoft\Windows\WER\Temp\WER788B.tmp.dmp | false | CDC28147E5D2C8FEE62D5F364AFA21BA | 53EB490C35EAB537578892AD7F05349AB808A1DD | 8362B9A6373C9A5750EE252FB5C49CA38A8A60C04E9164CBCCF9AE86E5D904CE
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CD2.tmp.WERInternalMetadata.xml | false | 53A8713A3D518BF4398C7DC5EE97832E | 6B32AD490FF98765EB4BBAAA70FFD48472359318 | A30F7DE6606984ECF22AA59393DE486BD3FE946732A3CF72C73A5455255AE5E8
C:\ProgramData\Microsoft\Windows\WER\Temp\WER837A.tmp.xml | false | B1DDC3420DFB7C2BBA3617F7CDF427FE | E23312B013B75C48E88A357A5785379F3DCFF69C | B245B4E2C87A879130313F58B73202BFAAD8682932594690378021E4AED06ACA
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88E7.tmp.WERInternalMetadata.xml | false | F9B0FDED752EEA1C8BA95054EBA02EFE | 2D27B171C34E2014EF1EF7CACC6B1F114499504C | F2689516846EB5ED28B5A31DBD00A54AE06BBCAF0FA57CFDB94889D8E4B7BD7C
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CD0.tmp.xml | false | 40F554717EE45DC3457D352B8AE8CFA3 | 0BC9E6BF5E0BEB76C6996B7F162A3C4E60F3CEFC | 1F4F99A93A24C94FAC6CF76BBC62F517BEB2A4000011AFCE29662591E2C55F84
Contacted IPs:
52.98.199.194
52.98.208.66
52.97.178.34
52.97.178.98
40.97.161.50
13.82.28.61

Domains (IP | Domain | Malicious):
13.82.28.61 | msn.com | false
13.82.28.61 | outlook.com | false
40.97.161.50 | HHN-efz.ms-acdc.office.com | false
52.98.199.194 | FRA-efz.ms-acdc.office.com | false
52.98.208.66 | www.msn.com | false
unknown | www.outlook.com | false
unknown | areuranel.website | true
unknown | breuranel.website | true
unknown | outlook.office365.com | false
Signatures:
Found malware configuration
Multi AV Scanner detection for submitted file
Writes or reads registry keys via WMI
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes registry values via WMI
Multi AV Scanner detection for domain / URL