32.0.0 Black Diamond
IR
432746
CloudBasic
18:05:58
10/06/2021
lTAPQJikGw
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
16657fa097cd334973a5489eeff8bafe
b6db5e9cc112155b7285f0a415cf4889ff1bf7ef
2589143d02f6aef252b5b704f6b98723ae131d3279bcf36d57ee26318bc0741f
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lTAPQJikGw.exe.log
true
1DC1A2DCC9EFAA84EABF4F6D6066565B
B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign process
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook