33.0.0 White Diamond
IR
452667
CloudBasic
17:41:18
22/07/2021
v8kZUFgdD4.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 57f3ae2842ffb5ceea386d0b97a52818
SHA1: 68423398d025d3cbbb944ee4c3cea5501df67761
SHA256: a0c7b3d44a5cfcda917fc80c099da5ab3de582ff7c24f1373b4bd25f88d61e52
Win32 Executable (generic) a (10002005/4) 99.96%
C2 URLs / IPs found in malware configuration
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses ipconfig to lookup or modify the Windows network settings
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook