33.0.0 White Diamond
IR
500413
CloudBasic
00:35:10
12/10/2021
616412739e268.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
9e67e68ddbedba865b91b5469ab642ef
f2c7b0735343081be06e48616d0fc14235a28744
41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
96
0
100
5
0
5
false
Files (path; malicious; MD5; SHA1; SHA256):
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d4e7795f79114aeb9c4dc9cc69e25e6282339_82810a17_1874b820\Report.wer; false; 316CE6E876A182906C00DD2AD8F35040; 54AD11020F6730D0C756C5682E1BAEA55AE1F317; 74EA72682FCB32B1165308196313E62BADE799EF2947E6D132D5A0D077219B19
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d4e7795f79114aeb9c4dc9cc69e25e6282339_82810a17_19a08827\Report.wer; false; 9CF8099E09C39847EFFF6FB7B70CEA33; 16B081768605B3C60E9DBF23A1646EBDF70337E0; D780C3F704283D57B71AE6362A0F6095E72DEDC4D08062E15094DF7FA1DAD471
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d4e7795f79114aeb9c4dc9cc69e25e6282339_82810a17_1be8e7ac\Report.wer; false; 47234B5A061C3D57518C75D012598E15; 8054E955AA6274E52832CECAC7BF98AB2AAC4A3E; BF44ADFD50F9CC39C25CC5B4642FD4EE5C007226F9AEDC5BBCA7FBA5DDBF6E4F
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EDD.tmp.dmp; false; 6314F249ADC86966FA67E57AE5C44922; FFCAA1E89BAD579997BE419D71AA5F670200CD69; 39A76F75342336856B50BBC0B977FBE57722A50B0BD0008499FBBC2A0B263C10
C:\ProgramData\Microsoft\Windows\WER\Temp\WER270C.tmp.WERInternalMetadata.xml; false; D9504C279DAD3BB36B90B2ABB8BD6024; 8F897066FFB317B3CB6FE7CEDDCD657ABEFA0AD2; 10A8657425ED12843DE5D88E4AC5FB228E04E30FC2285B5ABFAB0644D4F5FDED
C:\ProgramData\Microsoft\Windows\WER\Temp\WER29CC.tmp.xml; false; 14148F5D29C531D9A2DAB8BE378319B4; 2555ADA459F857D0F04C818ED0FA3523FBAEDA54; 345133599386F0C3CD20ADF62510BA963E25DC1EE938691229F2E011F02CCF15
C:\ProgramData\Microsoft\Windows\WER\Temp\WER398A.tmp.dmp; false; FE3A9A57895A11BBDE379864BD34A1AA; 4660CCA0FFEDA2D9F0CC371B0E756BEBEE1E59CA; D3DAFB26C47511DD9A99713F077D9D3503749D9A128772ED3BCE2381FAD98C2B
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4543.tmp.WERInternalMetadata.xml; false; 76872B4F10DAB5548F7C5A90D51D5856; 09F65EB354956B8BDF85D560CB00855480EDA67B; 7590A90E442F73573110BB00A58EC1D1B8B6E6A7F8C43CA37ECB25682A052922
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A83.tmp.xml; false; F5119CC37CD940B95701B555B8405D56; 0F6AEC842D402C511BC033B95CDDE4B721F845CA; 7B59F212C271180A12BD3B2F239E245B604E7BE9F2F6D4BDD729106A8E0E63E5
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CB4.tmp.dmp; false; 559FD5E2D54239F3AF7994402E1F225A; 6F975E163EC0244D6973DCF1058DC318A990BAAF; 4E9B64C1A7891E3469C235B9E4F92693B6D9451B09FE8BB64D09FA8CFDA9EF47
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6984.tmp.WERInternalMetadata.xml; false; BADE93E59CD5720AB99E2508033FE2BB; 9257D92BE814163ED9D6E71DC5F282D0377CD90D; E0576D35FA22FA6525FED18862A5C4D3FEF0A7DDA9ABA2DD711D994276920D3C
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E67.tmp.xml; false; 139252536DD735CAA02910CCEF45FF77; B5EA76ED280C8826367FF09C33596FBD7E73E301; D78ACA3358C19DB67E52384ED6AEE82B755A321E0E5963312DBDE4B5DFD8C370
192.168.2.1
52.98.207.194
52.97.218.66
52.97.218.82
40.101.124.226
40.97.153.146
13.82.28.61
52.97.137.210
40.97.116.82
52.97.183.162
Domains (name; malicious; resolved IP):
msn.com; false; 13.82.28.61
outlook.com; false; 40.97.116.82
HHN-efz.ms-acdc.office.com; false; 52.97.183.162
FRA-efz.ms-acdc.office.com; false; 52.98.207.194
www.msn.com; false; unknown
www.outlook.com; false; unknown
areuranel.website; true; unknown
breuranel.website; true; unknown
outlook.office365.com; false; unknown
Found malware configuration
Multi AV Scanner detection for submitted file
Writes or reads registry keys via WMI
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes registry values via WMI
Multi AV Scanner detection for domain / URL