32.0.0 Black Diamond
IR
404283
CloudBasic
21:42:23
04/05/2021
fc0bc077_by_Libranalysis.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
fc0bc07721ce94bc9b100e7c846a1210
2d98f05fb78cd75bb44a0087bead8c1604545d07
e707edac036a1a2d08b746c6a50ac0f0e2b1ba1c2668aadf87ea11b666b0eb28
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_0766ec0c\Report.wer
false
26D2C96778ACD61D9780C4EBC68E166F
26B7461B9FB449D28ECD6DDE7E99DE8AE63C5BBE
C4CFF568547C8FEA55F6542B714C6FDBC188903C03D8EAB5B2A35C3103BD095A
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_10f0240f\Report.wer
false
0C20D6700D4FDF6471A54E7946F4CA18
D963D50A85003F2E41F000D70C816ADDEA69868A
BD244616AF0012F8328FADB035BEDD3A0514480F6B8B391B3FA59F143DF325E0
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_70ca6d92bb7cd6d05a398077544511f8e964d76_82810a17_0dc42354\Report.wer
false
AFC7551E811E97D4890917F0725F1135
ED63C72EE8C1309A591CCF3CDC5A5332F85E6611
55ACE0B113C0EABD560D6E4668688CD71A30B75590AB9DBAD10CA315AC77A76C
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_7dd67966396113c995f4a9c30eeff967a1ce3cd_82810a17_06802046\Report.wer
false
9440EA7972766E07CD1327E19C1C247B
088A04CA3B6C73A3D7650AB92F6597FFEE89EAF1
6DEBE33DDFC65B62A5BD2DA29535905133645514D1E48AFC89ECF593E9604E10
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_85bcb2185548acc57fb6c6745d2f8bb6b2be49b1_82810a17_1454221b\Report.wer
false
A12EAA04D0506870309C2F7138A98AA0
9114AE848AE88603BEDDF06398424E3C67DC29D1
9333B076D9AF6EEBF65B397A53CB3F4BA49336735C8F231FD57A39D8A02369AA
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_868973c6c77b45498eb43d99595a7fe2138962a_82810a17_1682f88f\Report.wer
false
AC6564A38DA01ECB0BE197ACA75CD794
4F9E50FE2F686FE00F5BC846E4ECBB0A54A25B56
FEFC9EC2AFAB62C5624F71587E383BC844E40ECACD6DFEAEF114ADA2F90EB0D8
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10B6.tmp.dmp
false
FD6A5D857A265F140C64A8EC4401E76E
5BA50E56C090A014951E2CCF09294481C9BBD72F
35DE6FA92055213621668CADD243C03859D628519623732D27D023B32C2E0E9A
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11CF.tmp.dmp
false
89E785F7C61BF264942ABCD23B3CDE58
950214BA1EBBA19EF1A91499F317E00FEAF1E351
FDD192D0CF9CC7BFDB7F1B06256498FC87F02B6FDE3DCC8E114C6246852EF1B4
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13B4.tmp.dmp
false
128F18CD712C2AE70EBDC763040B46DB
3A74DA025DDE09F7299EF3FA65C0C1D890A0B1D4
D5F9926551CEFB9ABE055F3C985AAE2666881D2FB177332BD9E452FAB62D5C30
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1440.tmp.dmp
false
F61221EE7B709FA21CDE8D6C40CBAE44
AB4EE081228AB2899833E913571709644087B816
001AA7F47984E90637B69CD29C894A971F7150EC101187527B1FAEECE198163C
C:\ProgramData\Microsoft\Windows\WER\Temp\WER181A.tmp.WERInternalMetadata.xml
false
0EF96EFA460D69819DF04855A0C83953
A0896DBDD1F257A071476BD98B8B4C0E69B334D7
B5B3E798C971E181F0E958A884E2C736EDFD4C9558FF893DA0765B3862CCBFCC
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1933.tmp.WERInternalMetadata.xml
false
F75236C3A579EED761F0E10030B6E27A
8A1121F50A9FBA4881EA20F2899CF22872E80479
0AB3BC6F3164430D89874CED4717C6472E657A13B39B80FBF2C34E1DABF5CCAC
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1982.tmp.xml
false
4ABE9138941AF30891290FAE0515DB9B
A83B7E57EB58CE42EC65E383DC579DA7C3ECE6CF
1E4CF4BE3C12082489172157059442B2615425256D366FBD643170CABAC477D2
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A6C.tmp.xml
false
4846F50F872E4A8AA53D571CEECD559F
EC8F2D321F6EE4FEE864F21ECE27F9E8CDB1FF99
8CB133E033F854D6FBE136B2D89A52FB3EEB13F71CBC659B5C83D002FBB255AC
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A8B.tmp.WERInternalMetadata.xml
false
7EF2060332D0A5610A3207C565CC2D64
BD9CFDCD2D9F6752B026604A60EDCF857EB574C0
06662A694D2C443D43AE0553CECF3D8781C97A5403024214A993F5EDE548D4FA
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AE9.tmp.WERInternalMetadata.xml
false
E13F9F0460180CF911320252CE6CF9C0
1856F05EB0387E3A21BC61D0FF209010AFE0342C
CFA8BEC43BE69FF45D5DCB11A9F35035D66D0A0C1A4A0FD7E678B6EA0B39C779
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BF3.tmp.xml
false
76F4C198B2027A56FDE3377775B02D6A
EB9A75DD8E34CBC8B6FF8C4335490FE33A1C813B
A979FEE51D81CB7B0F8A16EF2675F414286E0BE4A7CE12C2D22EA6F2BED0D8EA
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C42.tmp.xml
false
3134EDDD2FDD88A1D65DB9756C231EB8
7660D8D31893A8C6AAE866B4909CC79928B451F7
88F009E69E0E5966A9F26A35F46D57A07C92C907F7723946097FE0714C1E8078
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD97E.tmp.dmp
false
7AE3527170E540035BDD93E0EE31C096
14A3BA01D791E538CDF6845415F8D025C89C4931
A31507D3C30BE23DCC3FD2163DAC1DDD8A885372CDA1371D70155DE170E41007
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0E2.tmp.WERInternalMetadata.xml
false
5B80932A4AC95EB65E3ACA9DDA87E718
9B9BE79028FC60FFDC206B5D68ABBAEF95FD33ED
D65FC1C0C6358462EB3491E6D175B3C590390198D602F9DE58A29DAE9B84F815
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1AE.tmp.xml
false
3D916DD79CDE1C883423BD9B839B953F
62CA53FF330706120B5519B143FCEC7BD6DB4247
681344A6C49F9419C18BD31836A0B7D655253DE18874C3B9AE80054B0E2CE14D
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE342.tmp.dmp
false
E34E085293DC18A24A3DDC8F35287D65
28270F46B36994AC7DF344FEFAB8642DE830AB19
7BB4A909167FB906A87CDE2A234E95186ABD940C21F9BFA7844C38AF1B2B02FF
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF66D.tmp.WERInternalMetadata.xml
false
4D4A7E4D09FAA799E97D6176C63AE803
E0BC1FD43A1BF867A6102731AAEEFDB0A7FE95D8
FE002D89650D220CD275724E3C7982D0B82FA48C3DA934A67DA7CF5F00C36815
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF833.tmp.xml
false
0A2B816991697FE1C620267C2B0C607A
9A1F08BA075938CADB65A79F3ADD7F34875D86B5
BF2E2E4527DC9096AAF9EE9856E38D289EDFF1F72CE97F6E55B9E7B03DED5413
192.168.2.1
167.114.113.13
95.138.161.226
193.200.130.181
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file