31.0.0 Emerald
IR
379239
CloudBasic
17:55:06
31/03/2021
sample.exe.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
ecbc4b40dcfec4ed1b2647b217da0441
e08eb07c69d8fc8e75927597767288a21d6ed7f6
878d5137e0c9a072c83c596b4e80f2aa52a8580ef214e5ba0d59daa5036a92f8
Win32 Executable (generic) a (10002005/4) 99.96%
Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the Windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Emotet