Joe Sandbox version: 32.0.0 Black Diamond
IR
Analysis ID: 433143
Product: CloudBasic
Start time: 11:36:19
Start date: 11/06/2021
Sample file name: INVOICE.exe
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
OS type: WINDOWS
Sample MD5: 98901aff995d92677cf637b241ae9a9b
Sample SHA1: 6dac1968c4a9ae4bf26f7fd38efb721fcf7d05dc
Sample SHA256: fb6e849cd3af7e8b0c8143397e62a595a42abbfbbac81f2cdd0b2cb4d18ea543
File type: Win32 Executable (generic) a (10002005/4) 92.16%
true
false
false
false
100
0
100
5
0
5
false
Dropped files:

Dropped file: C:\Users\user\AppData\Local\Temp\jxl61c12gqlj1w2
  Malicious: false
  MD5: EABF5B1834E87B0207D0DC3130F37357
  SHA1: C0B6A3BD8A5598EBAE0180E03DFA5208BAC7B8CC
  SHA256: 58575C8E3AD256B66DC397F4721A0BD6E1BE2A80322B868591835394C53D0595

Dropped file: C:\Users\user\AppData\Local\Temp\nfqccgctc
  Malicious: false
  MD5: BD19C858192D97E9604FACD096F21BAB
  SHA1: 20BE0E18245A58AFE0CF734670FE56E5FEE8650B
  SHA256: B62F6C39FAFAEEC5573AC373180FEDD001FD05D876035EFB56A6AD49DEACC280

Dropped file: C:\Users\user\AppData\Local\Temp\nsj9220.tmp
  Malicious: false
  MD5: 8FF52CDF1885512EB8681CC3FF94FA64
  SHA1: 12684292C1E37F8609B321E29F44E2E0C07B0B5E
  SHA256: 588996F8F600844C43C8BB51A443B1E6046CB02DFA69CD19D62D63B8F51A5EAC

Dropped file: C:\Users\user\AppData\Local\Temp\nsj9221.tmp\System.dll
  Malicious: false
  MD5: FCCFF8CB7A1067E23FD2E2B63971A8E1
  SHA1: 30E2A9E137C1223A78A0F7B0BF96A1C361976D91
  SHA256: 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
Contacted IPs: 104.21.29.70, 34.102.136.180

Contacted domains (domain | flagged malicious | resolved IP):
www.cpf3life.com | true | 104.21.29.70
www.gicc-fx.com | true | 198.252.100.204
phonetomouth.com | false | 34.102.136.180
www.phonetomouth.com | true | unknown
www.dollysusmitha.com | true | unknown
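An IOC sweep built from the indicators above (the sample and dropped-file hashes, the contacted domains with their verdicts, and the two contacted IPs). This is an added example, not part of the Joe Sandbox report: the DNS log format, the log lines, and the names digest_bytes, match_hashes and sweep_dns_log are constructed here for illustration. The low-fidelity treatment of System.dll rests on an inference from the nsjNNNN.tmp path naming (the plugin directory pattern NSIS installers use), which the report itself does not state.

```python
"""IOC sweep over the indicators in the report above (added example; the
log format, log lines and function names are constructed, not taken from
the Joe Sandbox report)."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Digests copied from the report (INVOICE.exe plus the four dropped files),
# normalised to lower case because the dropped-file hashes are printed upper case.
KNOWN_HASHES: Dict[str, set] = {
    "md5": {h.lower() for h in (
        "98901aff995d92677cf637b241ae9a9b",   # INVOICE.exe
        "EABF5B1834E87B0207D0DC3130F37357",   # Temp\jxl61c12gqlj1w2
        "BD19C858192D97E9604FACD096F21BAB",   # Temp\nfqccgctc
        "8FF52CDF1885512EB8681CC3FF94FA64",   # Temp\nsj9220.tmp
        "FCCFF8CB7A1067E23FD2E2B63971A8E1",   # Temp\nsj9221.tmp\System.dll
    )},
    "sha1": {h.lower() for h in (
        "6dac1968c4a9ae4bf26f7fd38efb721fcf7d05dc",
        "C0B6A3BD8A5598EBAE0180E03DFA5208BAC7B8CC",
        "20BE0E18245A58AFE0CF734670FE56E5FEE8650B",
        "12684292C1E37F8609B321E29F44E2E0C07B0B5E",
        "30E2A9E137C1223A78A0F7B0BF96A1C361976D91",
    )},
    "sha256": {h.lower() for h in (
        "fb6e849cd3af7e8b0c8143397e62a595a42abbfbbac81f2cdd0b2cb4d18ea543",
        "58575C8E3AD256B66DC397F4721A0BD6E1BE2A80322B868591835394C53D0595",
        "B62F6C39FAFAEEC5573AC373180FEDD001FD05D876035EFB56A6AD49DEACC280",
        "588996F8F600844C43C8BB51A443B1E6046CB02DFA69CD19D62D63B8F51A5EAC",
        "6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E",
    )},
}

# Inference, not stated in the report: nsjNNNN.tmp is the plugin directory
# naming NSIS installers use, so System.dll is assumed to be the stock NSIS
# System plugin. Its hashes also match benign installers, hence low fidelity.
LOW_FIDELITY = {h.lower() for h in (
    "FCCFF8CB7A1067E23FD2E2B63971A8E1",
    "30E2A9E137C1223A78A0F7B0BF96A1C361976D91",
    "6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E",
)}

# Contacted domains with the verdict and resolution the report records,
# plus the two IPs the report lists as actually contacted.
DOMAINS: Dict[str, Tuple[bool, str]] = {
    "www.cpf3life.com": (True, "104.21.29.70"),
    "www.gicc-fx.com": (True, "198.252.100.204"),
    "phonetomouth.com": (False, "34.102.136.180"),
    "www.phonetomouth.com": (True, "unknown"),
    "www.dollysusmitha.com": (True, "unknown"),
}
CONTACTED_IPS = {"104.21.29.70", "34.102.136.180"}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report uses, as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, fidelity) for every digest found in the IOC set."""
    hits = []
    for algo, value in sorted(digests.items()):
        v = value.lower()
        if v in KNOWN_HASHES.get(algo, set()):
            hits.append((algo, "low" if v in LOW_FIDELITY else "high"))
    return hits


# Constructed log format: "<date> <time> <host> query <qname> <qtype> <answer>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) query (?P<qname>\S+) (?P<qtype>\S+) (?P<answer>\S+)$"
)


def sweep_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (host, qname, verdict) for each line touching a report IOC.

    'malicious': exact match on a domain the report flags;
    'contacted': exact match on a listed domain the report does not flag
                 (phonetomouth.com vs. www.phonetomouth.com differ here);
    'ip-only':   only the answer matches a contacted IP, which is weak
                 because both addresses sit in large shared hosting ranges.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        if qname in DOMAINS:
            verdict = "malicious" if DOMAINS[qname][0] else "contacted"
        elif m["answer"] in CONTACTED_IPS:
            verdict = "ip-only"
        else:
            continue
        hits.append((m["host"], qname, verdict))
    return hits


SAMPLE_LOG = [  # constructed lines, not taken from the report
    "2021-06-01 09:12:02 WS-042 query www.cpf3life.com A 104.21.29.70",
    "2021-06-01 09:12:05 WS-042 query phonetomouth.com A 34.102.136.180",
    "2021-06-01 09:12:09 WS-042 query www.example.org A 93.184.216.34",
    "2021-06-01 09:12:11 WS-017 query cdn.someshop.test A 104.21.29.70",
    "2021-06-01 09:12:15 WS-042 query WWW.DOLLYSUSMITHA.COM. A 34.102.136.180",
]

if __name__ == "__main__":
    for hit in sweep_dns_log(SAMPLE_LOG):
        print(hit)
    print(match_hashes(digest_bytes(b"some file content")))
```

The sweep deliberately matches domain names exactly: the report flags www.phonetomouth.com but not the bare phonetomouth.com, so a suffix match would widen the verdict beyond what the report supports. An answer-only hit on 104.21.29.70 or 34.102.136.180 is reported separately and should not be escalated on its own, since those addresses serve many unrelated sites. The signature "C2 URLs / IPs found in malware configuration" together with "Yara detected FormBook" fits the FormBook habit of carrying a list of domains of which only part is live C2, and the report does not say which ones; treat the whole set as indicators rather than as one confirmed C2 host.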
Signatures:
C2 URLs / IPs found in malware configuration
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook