31.0.0 Red Diamond
IR
321296
CloudBasic
20:03:25
20/11/2020
vOKMFxiCYt.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: bb30a5dd4130b071fb4ca5f005371c63
SHA1: 52c3ca02828a4ad8e8dbf790a61b3d77379ad391
SHA256: 4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vOKMFxiCYt.exe.log
true
MD5: 1DC1A2DCC9EFAA84EABF4F6D6066565B
SHA1: B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
SHA256: 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
198.49.23.141
162.0.232.118
34.102.136.180
3.138.72.189
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com
false
3.138.72.189
reem.pro
true
34.102.136.180
auctionpros.club
true
162.0.232.118
ext-cust.squarespace.com
false
198.49.23.141
www.themaskedstitcher.com
true
unknown
www.auctionpros.club
true
unknown
www.reem.pro
true
unknown
www.tessuto.net
true
unknown
Allocates memory in foreign processes
Injects a PE file into a foreign process
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook