31.0.0 Red Diamond
IR
321416
CloudBasic
21:00:12
21/11/2020
USD67,884.08_Payment_Advise_9083008849.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
947edeb169369ac67c5448cc2f8104a3
5d2181f018ab4b8afd6b193e4651233b44ad7d62
3a89a79e825bf330e3ea46f6a5f548529b642dc61219a8deeaec070a0688a08e
Win32 Executable (generic) a (10002005/4) 99.66%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Ucll08488374ODU8[1]
false
A58901F05995FAA13C445E5A034E438A
122C5093FC63097614AE835B3A0C16501435E13B
19FF839203BFDE839FDBAABBC15CA07578B8CF7447E5125D16674251733CC2D0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Ucll08488374ODU8[2]
false
10EED55FFF2D34F5E878B515A30BDD8E
8300F0DF2E40FF893A468014174A8C5BBF5DA69E
DF94CD85FBF8691A25CEB452BA8E2BD2278CBFC673834B331D83F934EABD14EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Ucll08488374ODU8[1]
false
A58901F05995FAA13C445E5A034E438A
122C5093FC63097614AE835B3A0C16501435E13B
19FF839203BFDE839FDBAABBC15CA07578B8CF7447E5125D16674251733CC2D0
C:\Users\user\AppData\Local\Microsoft\Windows\Uclldrv.exe
true
947EDEB169369AC67C5448CC2F8104A3
5D2181F018AB4B8AFD6B193E4651233B44AD7D62
3A89A79E825BF330E3EA46F6A5F548529B642DC61219A8DEEAEC070A0688A08E
C:\Users\user\AppData\Local\llcU.url
false
C383417198123C1B803E7228FE264791
BBBE7674406F0E703C292059074DB0E18A7743E4
3B79CA662589E4B480EF64A965C9E429C97E93195784D50B2AA7E92E7F35E7D7
162.159.136.232
192.168.2.1
198.136.51.123
162.159.138.232
discord.com
false
162.159.136.232
airseaalliance.com
false
198.136.51.123
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla