32.0.0 Black Diamond
IR
433343
CloudBasic
16:55:29
11/06/2021
UOMp9cDcqZ
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
15d907e7d9f8286e5053796c9d78fcec
b7d7329e94e2292ed53e2778cebec533ac599030
771e4f69520f71afe6a6e9a4eb4de7dcd8d7521d90db290ca6c27b1a95c532af
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UOMp9cDcqZ.exe.log
true
1DC1A2DCC9EFAA84EABF4F6D6066565B
B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
52.58.78.16
142.111.47.2
103.120.12.113
34.102.136.180
148.59.128.71
78.31.67.91
www.dmgt4m2g8y2uh.net	true	103.120.12.113
www.hazard-protection.com	true	148.59.128.71
www.yunlimall.com	true	142.111.47.2
thesoulrevitalist.com	false	34.102.136.180
cleanxcare.com	true	78.31.67.91
www.newmopeds.com	true	52.58.78.16
www.trendbold.com	false	64.190.62.111
www.thesoulrevitalist.com	true	unknown
www.jonathan-mandt.com	true	unknown
www.cleanxcare.com	true	unknown
clientconfig.passport.net	true	unknown
www.zgcbw.net	true	unknown
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook