31.0.0 Red Diamond
IR
320634
CloudBasic
16:08:34
19/11/2020
order.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
27d7951ec430f93458370a00272d823d
195eef585ef2307027df1ff05678ea2be23ae25e
306d4c4068a82c3c744c534054536b99a0887d71f194a0dcb689bfea9fd0e0f3
Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
192.185.152.65
pilatescollective.com
false
192.185.152.65
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected FormBook
Yara detected Generic Dropper
Yara detected GuLoader