31.0.0 Emerald
IR
379730
CloudBasic
07:40:53
01/04/2021
AMPUTERE.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
f2fa3c87de32858f1244fb352873f399
3d6f6d635639c689a8e4709ccb379500b4e76096
2beda3caff1f808814294dca346cbe62ad229272d54696fe75e99388a73ff3cc
Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
216.58.215.225
googlehosted.l.googleusercontent.com
false
216.58.215.225
doc-14-a0-docs.googleusercontent.com
false
unknown
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader