32.0.0 Black Diamond
IR
432685
CloudBasic
16:58:17
10/06/2021
SecuriteInfo.com.Artemis6D92C3B9739F.17565.19344
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
6d92c3b9739f2747f6956811f68888ea
f59d802038242dcd6703a937617b2d8d34b7aa33
675e2470a3c7fe645fe445c95ae152a2dd2d2ccedb366e3cc1e070bb31c59ec4
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Artemis6D92C3B9739F.17565.exe.log
true
B666A4404B132B2BF6C04FBF848EB948
D2EFB3D43F8B8806544D3A47F7DAEE8534981739
7870616D981C8C0DE9A54E7383CD035470DB20CBF75ACDF729C32889D4B6ED96
.NET source code contains very large array initializations
Injects a PE file into a foreign process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AgentTesla
Yara detected AntiVM3