Sandbox version: 32.0.0 Black Diamond (IR, CloudBasic)
ID: 433174
Time: 12:14:23
Date: 11/06/2021
Sample name: 444890321.exe
Cookbook: default.jbs
Analysis environment: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: f161fe51fee0cd2f542ea759241c88cb
SHA-1: cd75d9c5a293151ad50dfa1d05edb5871fc08ad5
SHA-256: d2d2d97ab2f2c78a230c58a61296504419d0b545c6c6d76193b654dfe9937499
File type: Win32 Executable (generic) a (10002005/4) 92.16%
true
false
false
false
100
0
100
5
0
5
false
Dropped files:

Dropped file: C:\Users\user\AppData\Local\Temp\dyngsgthl
  flag: false
  MD5: ABBA582340515314EC9FF824C04D0411
  SHA-1: 06D227DE691D5A71EE18B380B9C2E9C1CE004921
  SHA-256: D068732E61DE049EFBCB653C38143BB2F21744AB0D88D7622CD15D79875D3E8F

Dropped file: C:\Users\user\AppData\Local\Temp\nskAF63.tmp
  flag: false
  MD5: 81B6D7E7A76985346D6B8FDD2AAF7B64
  SHA-1: CE54CE32897D9A51ED74F5C76CD5154C8E631785
  SHA-256: ABB0E78106433D40D7CD85ABB08963E8E15CF7F951BFFAD9F132E8B66E729819

Dropped file: C:\Users\user\AppData\Local\Temp\nskAF64.tmp\System.dll
  flag: false
  MD5: FCCFF8CB7A1067E23FD2E2B63971A8E1
  SHA-1: 30E2A9E137C1223A78A0F7B0BF96A1C361976D91
  SHA-256: 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E

Dropped file: C:\Users\user\AppData\Local\Temp\ouzr6npxcb2d0txj
  flag: false
  MD5: 5205D9669FCC651E0611AA9081C47CE9
  SHA-1: C785A1B2A4F8A50F8E4DAD7304819FB4E162BB61
  SHA-256: DDAED0614378CE5EB6110B6AF722F4878715C08BEAE158FAB0C705FC6D525EFD
Contacted IPs:
  199.59.242.153
  163.44.239.72
  35.169.40.107

Contacted domains (each reported with flag true; resolved IP in parentheses where given):
  mekarauroko7389.com
  www.oklahomasundayschool.com (163.44.239.72)
  www.shamushalkowich.com (199.59.242.153)
  www.mekarauroko7389.com (35.169.40.107)
  unknown
Signatures:
  C2 URLs / IPs found in malware configuration
  Machine Learning detection for sample
  Maps a DLL or memory area into another process
  Modifies the context of a thread in another process (thread injection)
  Modifies the prolog of user mode functions (user mode inline hooks)
  Queues an APC in another process (thread injection)
  Sample uses process hollowing technique
  Tries to detect virtualization through RDTSC time measurements
  Antivirus detection for URL or domain
  Detected unpacking (changes PE section rights)
  Found malware configuration
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for submitted file
  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
  System process connects to network (likely due to code injection or exploit)
  Yara detected FormBook