33.0.0 White Diamond
IR
452405
CloudBasic
10:07:25
22/07/2021
wREFu91LXZ.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
686dc98567009e47eac88e95804b9dde
5788c30289d12f69d5cf323049d8d3c3a3e73cda
11d84c7f9c579c2e58f4acc04d488d5f1c6cc0439609099eabec42444f5ef952
Win32 Executable (generic) a (10002005/4) 99.83%
true
false
false
false
100
0
100
5
0
5
false
198.185.159.144
217.160.0.254
50.87.238.189
52.5.43.61
64.227.87.162
34.102.136.180
50.87.248.20
matcitekids.com                true   50.87.248.20
extinctionbrews.com            false  34.102.136.180
www.surivaganza.com            true   217.160.0.254
tinsley.website                true   50.87.238.189
cajunseafoodstcloud.com        true   52.5.43.61
ext-sq.squarespace.com         false  198.185.159.144
melodezu.com                   true   64.227.87.162
wthcoffee.com                  true   184.168.131.241
www.wthcoffee.com              true   unknown
www.avito-payment.life         true   unknown
www.oikoschain.com             true   unknown
www.melodezu.com               true   unknown
www.tinsley.website            true   unknown
www.matcitekids.com            true   unknown
www.mydreamtv.net              true   unknown
www.chaneabond.com             true   unknown
www.extinctionbrews.com        true   unknown
www.monsoonnerd.com            true   unknown
www.cajunseafoodstcloud.com    true   unknown
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook