33.0.0 White Diamond
IR
452542
CloudBasic
15:03:58
22/07/2021
PI-0387991.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
655318bec9b30d5a2f2dedf399d87438
23f37c9bddcd8393f499fee9b77220765288020c
8cd1a5c6360cc1c0e513d4cc39f649bcb33b61c47c4b498b992ea8e9a41a48cd
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PI-0387991.exe.log
true
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
103.120.82.56
34.102.136.180
162.241.2.50
hispanicassoclv.com
false
34.102.136.180
www.romahony.com
true
103.120.82.56
siteoficial-liquida.com
true
162.241.2.50
idookap.com
false
34.102.136.180
www.siteoficial-liquida.com
true
unknown
www.idookap.com
true
unknown
www.bodymoisturizer.online
true
unknown
www.hispanicassoclv.com
true
unknown
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign process
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook