Joe Sandbox analysis report

Joe Sandbox version: 31.0.0 Emerald
IR
Analysis ID: 386506
Product: CloudBasic
Start time: 11:42:13
Start date: 14/04/2021
Sample file name: vEjGZyD0iN
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
Sample MD5: ecbc4b40dcfec4ed1b2647b217da0441
Sample SHA1: e08eb07c69d8fc8e75927597767288a21d6ed7f6
Sample SHA256: 878d5137e0c9a072c83c596b4e80f2aa52a8580ef214e5ba0d59daa5036a92f8
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.96%
Score: 92 (range 0 to 100)
Additional flags and counters: true, false, false, false; 5, 0, 5; false
Dropped files

Path: C:\ProgramData\Microsoft\Network\Downloader\edb.log
Flag: false
MD5: 094363BE8F908743B9D630552596106A
SHA1: 7E42A69E811A96BD4433FA423CC9EB4FAF9E4B53
SHA256: E1B998036F4B81B95C07C1B9730C0975BEA65731925461784D574642640019F5

Path: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Flag: false
MD5: 0EAC01569376E2645F4DF8DF2340B3A4
SHA1: 02EF7D1D5F5CB405DC5D2CD2202AC7025E3CF1DA
SHA256: BFC5636B87657FD87EE10F7A5D1C4E8AF12806F63646B537D765905BA7933FB1

Path: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
Flag: false
MD5: 1617F66803D745B33716215C9A171B8D
SHA1: 62518C2EB960F696A9345D2950A019666AB55373
SHA256: 9D3ED0A872131F89ABC473795470ECF569E152EBF33EF2672DAF8994481CDCC4

Path: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
Flag: false
MD5: 367176D1B03EDA499635A77652992C62
SHA1: F21C3F0B53E19BD7F855AE028F8F083F7906F685
SHA256: F7428C6ED81FFD47F823ADE137CED1A883106E941FFE719BE4F90B9A332FC8BE

Path: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
Flag: false
MD5: 6AC46745BD263853EDFB44184D077B8C
SHA1: B336058F9A066FF4568CC0AA3FE7CBBAF1B62AE3
SHA256: D808089BB5EDCD104089D914F4EBAB58760D2AA77C538CE9685634028B962E49

Path: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
Flag: false
MD5: C33A8B92D82C1AB19C77E4FDA91D4E4E
SHA1: EA6B58BDA7213552E6E498485BFA5037CEB6A313
SHA256: D3D74C5F92335FED1FB0CDA58AFCA7037EBE8D79AD5193C0506FBA814E900738

Path: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Flag: false
MD5: DCA83F08D448911A14C22EBCACC5AD57
SHA1: 91270525521B7FE0D986DB19747F47D34B6318AD
SHA256: 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9

Path: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Flag: false
MD5: BC98B2BC99B1D5F7CCF1335AF993C93B
SHA1: 1FA3E74D1407EE96634F598B0BDD372612BE2EA1
SHA256: 7AF2E620931016CAD14F887BB12CCDAD0B8EB15D0B278772C459C23F6B29B50C
Contacted IPs

193.169.54.12
80.86.91.232
173.230.145.224
79.172.249.82
127.0.0.1
Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Emotet
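As an added example (not part of the sandbox report or of Joe Sandbox itself), the following Python turns the flattened dropped-file records above (one path, one true/false flag, then MD5, SHA1 and SHA256, each on its own line) and the contacted-IP list into a normalised IOC list. It validates every digest by hex alphabet and length, rejects records that do not fit the five-line layout, and drops loopback, private and other non-global addresses so they never reach a blocklist. The five-line record layout, the `DroppedFile` fields and the neutral name `flag` for the unlabelled boolean are assumptions; the embedded input is constructed from values shown in the report.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed input: three of the dropped-file records from the report, in the
# five-line layout assumed here (path, flag, MD5, SHA1, SHA256).
SAMPLE_DROPPED = r"""
C:\ProgramData\Microsoft\Network\Downloader\edb.log
false
094363BE8F908743B9D630552596106A
7E42A69E811A96BD4433FA423CC9EB4FAF9E4B53
E1B998036F4B81B95C07C1B9730C0975BEA65731925461784D574642640019F5
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
false
0EAC01569376E2645F4DF8DF2340B3A4
02EF7D1D5F5CB405DC5D2CD2202AC7025E3CF1DA
BFC5636B87657FD87EE10F7A5D1C4E8AF12806F63646B537D765905BA7933FB1
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
false
BC98B2BC99B1D5F7CCF1335AF993C93B
1FA3E74D1407EE96634F598B0BDD372612BE2EA1
7AF2E620931016CAD14F887BB12CCDAD0B8EB15D0B278772C459C23F6B29B50C
"""

# Constructed input: the contacted-IP list from the report.
SAMPLE_IPS = ["193.169.54.12", "80.86.91.232", "173.230.145.224",
              "79.172.249.82", "127.0.0.1"]

HEX_RE = re.compile(r"[0-9A-Fa-f]+")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\")


def identify_hash(value):
    """Return 'md5', 'sha1' or 'sha256' based on hex length, or None."""
    if not HEX_RE.fullmatch(value):
        return None
    return HASH_LENGTHS.get(len(value))


@dataclass
class DroppedFile:
    path: str
    flag: bool          # the unlabelled true/false column; label is an assumption
    md5: str
    sha1: str
    sha256: str


def parse_dropped_files(text):
    """Parse five-line records; raise on anything that does not fit the layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 5:
        raise ValueError("dropped-file records must come in groups of five lines")
    records = []
    for i in range(0, len(lines), 5):
        path, flag, md5, sha1, sha256 = lines[i:i + 5]
        if not WIN_PATH_RE.match(path):
            raise ValueError(f"expected a Windows path, got {path!r}")
        if flag not in ("true", "false"):
            raise ValueError(f"{path}: expected true/false, got {flag!r}")
        # Each digest must be the algorithm its column position claims.
        for value, want in ((md5, "md5"), (sha1, "sha1"), (sha256, "sha256")):
            if identify_hash(value) != want:
                raise ValueError(f"{path}: expected {want}, got {value!r}")
        records.append(DroppedFile(path, flag == "true",
                                   md5.lower(), sha1.lower(), sha256.lower()))
    return records


def routable_ips(ips):
    """Keep only globally routable addresses (drops 127.0.0.1, RFC 1918, etc.)."""
    return [ip for ip in ips if ipaddress.ip_address(ip).is_global]


def to_ioc_lines(records, ips):
    """Emit one 'type:value' line per indicator, SHA256 for files, IP for hosts."""
    out = [f"sha256:{r.sha256}" for r in records]
    out += [f"ip:{ip}" for ip in routable_ips(ips)]
    return out


if __name__ == "__main__":
    for line in to_ioc_lines(parse_dropped_files(SAMPLE_DROPPED), SAMPLE_IPS):
        print(line)
```

Two caveats when using the output. The loopback address in the contacted-IP list is filtered rather than blocked, since 127.0.0.1 in a sandbox report says nothing about the attacker's infrastructure. And the dropped-file paths in this report are Windows housekeeping files (the BITS queue-manager database qmgr.db/qmgr.jfm and its log, ETW diagnostic .etl output, a font-cache temp file and Defender's MpCmdRun.log), so their hashes describe system files touched during the run; the executable the "Drops executables to the windows directory (C:\Windows) and starts them" signature refers to is not among them and must be pulled from the full report.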