32.0.0 Black Diamond
IR
432660
CloudBasic
16:30:27
10/06/2021
i6xFULh8J5.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
6c425cf25da766d3d98597a9be4e7300
874344555856dca223730f32ac81b8a743db4cfd
0b72882fbad7f826525003747565e03257ad2e9f60b70d53fe11686dfff1705c
Win32 Executable (generic) a (10002005/4) 92.16%
unknown
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla