31.0.0 Red Diamond
IR
321308
CloudBasic
20:12:07
20/11/2020
NQQWym075C.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
bf75ed61e1b1f7b310ec1d999077c4dd
cdced77e176e38ff459cdea08941de26861647cd
69357684ec8f83d428d2030db5f3d586718207e86457465e7fd37b3b4b7c4db2
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook