31.0.0 Red Diamond
IR
330430
CloudBasic
22:44:16
14/12/2020
attach_12.12.2020-4570.vbs
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
f32557ed329503fac0bf315e4dd49a19
852ed7bbaf2194b79f4acbc971f9f65fb52ef5fb
40b30d76c89557b0a3c59dab61726f0514202cd6760a26e7d2722bcee462bfbf
true
false
false
false
96
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3CE1DE67-3EA1-11EB-90E4-ECF4BB862DED}.dat
false
7F90002C05CE842FA742A6A95130477F
810563E604F38EAA62C937666367B6BB0B6F5DCD
4997F106593FD06508D886AA16C18BC55EB0254DBBF6856A2F0FF291A5134388
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3CE1DE69-3EA1-11EB-90E4-ECF4BB862DED}.dat
false
F58BC57AD67B0F72AD6FD1D62F9C7338
5FEF4101FB5B23F72D83B0381E226C8161ED57A7
20BA24693F5EF940608C912C755E4E04BA4B5D228F693801DBFD85C1C77FD809
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
false
A662EC735B66AB4F9BFE32F5FBBE18C2
255A03BF2B13740F069D7B2B485A6B8C4564AD52
5F86D0AF194884867CA7FA1AC45C0E50089D2C686C57C321F87EE78A7C886721
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
false
082B97DDD40FBB0C962E6B27E03D09E4
2E35C93E0C543A1D0E3983954A77A3950C070EC5
DD067A4CDF6E149FCEE75A81C9A9312E0602309B37686CC0C6057A0964C5B2A3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
false
5CE5195EAE9711329525C2DBA115DB8B
0EF40AA39B45EB03A748BCF5F5C6D358B898117A
EE8680680EF1DB9FD310035D25882DC5B249F32352CCDCD84B39DE9AB19AD094
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
false
7C439525198866B74A5646C9EB39BFDE
3DA6046CC748017CE0C552FBD2195FB3CE64B2E2
A90BB12A7D5A13AAEA17050CD5A49D37F8282916A0B8EFE2F42F599B1C1037B8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
false
7002AF50F52263457CD5DBB05821C006
083B6544101D92D0DBD678EE08054FA59B4AAF26
FC53265D11605E91DE7689AAAC20021233D93BD4E7B51C1D37EC72F52AA75A01
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
false
85F51F10FE17B06DCD50DDCE6D514C43
A887CF6F51BD7658D86CAD009434D0DFD368E892
EBE02D9FA074D3C8F222CBB03EC5E60C5E39BA26223E5DF98D3403E66A362BD2
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
false
F1805AFC3A3FC5BC6BBD91195C67B1B6
C72EA2A60032B50C90DF7FB4DEDD4BD20F6FB272
A077B36ACCAC7FD3A9883506AAA3EDD68AC0AC3318306031DE473BBA73C9EA20
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
false
706533922003258126BC16C98F8EAC0D
23347078B5AAA1B081CBFF68BBE7128F7C294D07
D6ACA79E66AF04F89E3599844B19CDB0D0CC4B8C8B3AE81C8830F45EB0FD58FF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
false
612D7C7FCF8A4428486E3779F4CF6875
F480C7F4A918800753FB9A90FE40B4D9BB1E9600
EDF823642129FB9B3D21418E7643D5155A3BAC1A6E4326E9E8817BB3ABBCD48E
C:\Users\user\AppData\Local\Temp\Baudelaire.ttf
false
1D4487C6F53B3D4B0E4B4EFE7001FB79
4827CA1405BFD570E8AEC0C06CED985B0EDF5B7C
CCA57B3CFB4B197CB9BC0536AF10F7510287512B458FF40C01FFD62814C94902
C:\Users\user\AppData\Local\Temp\Brookhaven.rpm
false
5FBB9955E6F4CC7722939AA88D88F554
655EB0989F3BCDCE24F09B4436612DD41F22ABFB
5314EA93E054D95DE460C1D6F6F9EC554242EE58C992E51BB4568A97F9FFFA46
C:\Users\user\AppData\Local\Temp\Gerhardt.po
false
5701031A3E1B102200A57126F6D5B853
188D8E047BEDB4F85C6B55C72966E17822DCB92C
54B7972D565213962120552252C86FCF1A092772453BAD27FE67AC28CF84F6A2
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
false
6113DA501DD49CE4EC4371BF09623403
C6701A2FD5B7BB3646696C69C35F60190F20A061
6A1C3300269D4CF8ECDA2ECE8D262CDC05B25B8DF324082D76FAC38340C627CC
C:\Users\user\AppData\Local\Temp\Judy.mp2
false
A89F15BC815D1D5477F83EA8FD4CCD7F
E3D465C4FA64985BE733CA0D0E2B907C4EBF09E9
599269758C5F0B576DCFD0889416326DF76562FCCF434B3BB9C073A0FB30B877
C:\Users\user\AppData\Local\Temp\acquittal.war
false
B4B6356F4BC7859537399B977E3C2164
F5F7040971716D56D4A1D031E6D41DE724F0F870
EBD175F434CED52DD6D90D16A4FAE55C40EE7939CE1CC5324A7C6004506DF90E
C:\Users\user\AppData\Local\Temp\adobe.url
false
99D9EE4F5137B94435D9BF49726E3D7B
4AE65CB58C311B5D5D963334F1C30B0BD84AFC03
F5BC6CF90B739E9C70B6EA13F5445B270D8F5906E199270E22A2F685D989211E
C:\Users\user\AppData\Local\Temp\byproduct.lha
false
AAE9D9F1C4E8879D7FDA64E7556CDA6F
43720BC08E2CBC351884533F8EA162269F448219
CE7AB485D8383747C124C5592F09A15A32FBFD6C8C5C0C48D0F1C0ED158C0994
C:\Users\user\AppData\Local\Temp\chapel.lha
false
6BD5E851524E2F5FB89225CE564F2782
46EEA6DBB9E154696F50FC4FD1FC55F8A0F34D1E
F489434078372F924842498F69D783BE6F6316B5A429AD5FA909A06CD1FB977D
C:\Users\user\AppData\Local\Temp\civet.lha
false
710D38387B3EA19B58D12DB5F086BE34
D8AE706471D21F3828FC1C3969FE7584C0377C21
26BD7D76AA6F1AD3DD61AB03E67ED2405B253F7C1BA37E231F4FB35F5F1045A0
C:\Users\user\AppData\Local\Temp\crutch.ppt
false
E2248DA3B8ECEE80F9A5F9CF7D225E41
68837802704266484D7523D51C5EE5740B67AC94
2A2CD366A484DA6FFC0B2D757F893E7E930F699AC935D17C42512F45FA9F5C40
C:\Users\user\AppData\Local\Temp\dean.mng
false
194F01AA1820D5BE8EAFD41C067DF794
A48B2CB244CC59F000C90101FF26A3BE006ACF7D
D1E65F1D2708E52C926C0F10ABC05775D81262E809FC9F06F4ACDCAC3984B440
C:\Users\user\AppData\Local\Temp\determinant.webm
false
8F9021E0D73C190D38EEFDD89E0C28D2
E822A73FDF744DF37F2FB44FD78A566642A2E7F2
342B29960A4BCA481D4C76A1CD47D6F24E8283F47EB4969D69E7E4A86EB1CC4B
C:\Users\user\AppData\Local\Temp\epigrammatic.ps
false
D1CB1F7B7344D4E20F5F87B152208B01
838B10488C6F39ED4D4DDCEA6EB5E1815E1BC6DF
DD71063617C0215F4A8DCEC17645DC6A3BCF7D11DD327DB3BCAD484E03330AF5
C:\Users\user\AppData\Local\Temp\fought.whl
false
9D65F16E098842483B3948C87287A5EA
94817F8CD7458C4E9F52F3EB334EB6CB7157B357
21E5A4AD597C25261155157945674143DED7C1EA5D50912F0F4C9B8FC84096F5
C:\Users\user\AppData\Local\Temp\gaff.mpv
false
5D7C7932AFE6CF3F02DE01333B555831
54486B96C20CFC89A782447D9E1D368CF2DAD3D6
E40E00D26E430106437ECA80B64037E645ADB2AE05F281A3979340117A13843F
C:\Users\user\AppData\Local\Temp\gullet.cc
false
968B02C47CF160CABDFD6663BE15CDEB
E2569254F3BFCE5C90C74FABC518BFFDB6A075D5
AE83F01BEC7BEE5235BDD8F0A0866407E0F80C0C4B83F18BC99DDF6B4F086BC7
C:\Users\user\AppData\Local\Temp\gully.xml
false
B881B4C44E77C7F0B1FF8B4B6D8FD30F
BF08CCE311EC85C3619BD218A996C7BD149D08F2
0C348972523CC4B8A768611A1D604D3916CBF6366B6B94F023313AA9EE5D5D1A
C:\Users\user\AppData\Local\Temp\hollandaise.m4p
false
A0CDE6777E605BD3BBBFD5F615F22C89
CA4F65D39808FDACA78C3C2717AFAEB66DCCCDC4
BA9DAAA74E9DBB5AF2889B14794CE05AC83068996D1C6848E9B17D5D048F42BD
C:\Users\user\AppData\Local\Temp\krypton.zip
true
0600604C2DC50F282B211B18CE7E9278
F14A234D4D37970809F0461967B6ADE6366E6F6F
EFCF60971CAB4A6C2CE1C907C7F3E873634355E594BF9B594BDEF5084DA9019A
C:\Users\user\AppData\Local\Temp\marquess.cpp
false
1BD66A2C94554E6DF2713F37BEE9AC60
C2586226F7D41A03F1126E6B5F6811D3D1EC2A8E
2D645C9A8DFAAC52EB2B5208150058F2988DBBA55675D7572A7733C709EC2DE9
C:\Users\user\AppData\Local\Temp\mend.less
false
B3889A0709839C3FC875B8DE748FF468
E2441900550A9BC4FFF81FC3F1DE5387286A9F67
09950CDB84892ECAD1AF72709339A1971D00DF689419643A23366C906997E856
C:\Users\user\AppData\Local\Temp\menopause.patch
false
A02FE17A675F386735D88CCBFA305911
B2CEC661C40F10AFD178B6EAEABB4DCAF47ACFAF
CBDC1B9718996A9A02231FB3BEF48E46581E13C01019B79CF4D7FC663B070FC0
C:\Users\user\AppData\Local\Temp\metamorphose.xz
true
03A4ADF216161ACEABAF8B9CBDE58308
5B37A2BDC58279F1F1E31038FFF1F859EEC76CF6
E0E9821E1C172EE90B6EA27D96A0E9053269FB48BCBE7EC4FB42E048DA9F4E8A
C:\Users\user\AppData\Local\Temp\paragraph.ra
false
00CF22ACDB90137DC77A37C35C5E6D90
85BF279BEDB1856D44764F829A1048F537452D38
E967867B2071419FE5494DF9C0459B35C36A5A3D36B03959727EBF4CA6BB4B83
C:\Users\user\AppData\Local\Temp\reminisce.swift
false
EC046E39F86249AA569D9CD3BAA8B2DB
68A2A9020E51533E8B0734F85B2D47C282FC0BD2
A765D00FE36F83F6F032CD9A1CD44F553B401BA01FF3D1F63432F4F71700EAC1
C:\Users\user\AppData\Local\Temp\screwbean.go
false
2F220E3C302AE17F796BB25D57AA2986
9EAE07F1C3B326F6F1D25440A4C3874CFFFDDC76
7AC3FE8334685E9529BD7B51F9B916AD8770A9173FB23ACEF6B396EF3BECA57F
C:\Users\user\AppData\Local\Temp\throat.el
false
D4645DA707A8FA4F35C39605A2E236D0
D0BD767C97092E4C6ECB1626CDECC69388046F9A
B0625B771FDB54752C7DE593B24ABDF781A1CE09C8D1E372191E02EDBD73FF2A
C:\Users\user\AppData\Local\Temp\trickster.tlz
false
E21A10AE9035C8092308DDC4271FDB1B
E559A10DF8B4BCE057F468A910D09E5E78089C4D
225FB2C497CA5872DB5D9C4039AD1FD156A5A6986EA1D50867A9B2EBACA9836B
C:\Users\user\AppData\Local\Temp\warden.xpi
false
570EFE4A9426249002A4FE9E3ED4FF3B
BA399A4F1C8BF977F9F4440171231A517158486C
8AFC1A447FCD23939090B77CE12FFBF62FBFD80D33B8EB634BF02A1B323E6799
C:\Users\user\AppData\Local\Temp\~DF0C08EFA087ABAB68.TMP
false
2EEF667008F8643FA9D944580EF85385
456D5F484D3E8E10369198ADA1C49B0E76806A9C
4795015D499141A162D92047FB7EED7BED488FC07BCC3DC52155533952E8405E
C:\Users\user\AppData\Local\Temp\~DFCDB445B3E37A497E.TMP
false
940BEE97BE92319726816DBFEBB489A2
47A7271B0815A0ECE5EC8626B6D18965348B89A2
AF9765DC949FC72D564225F37C6EF81556271D843AAF31233926541B6A37B58E
88.99.66.31
47.241.19.44
yip.su
false
88.99.66.31
golang.feel500.at
false
47.241.19.44
Creates processes via WMI
Deletes itself after installation
Tries to detect sandboxes and other dynamic analysis tools (by process name, loaded module or function)
WScript reads language and country specific registry keys (likely country aware script)
Benign Windows process drops PE files
Multi-AV scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
YARA detected Ursnif