33.0.0 White Diamond
IR
452681
CloudBasic
17:56:55
22/07/2021
85vLO1Rpcy.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 91663bee11ec2466c36ff85805041fff
SHA1: 944de18e73bbcf9807c960ba925641211d46cd6e
SHA256: b764504a2998416edbba85e1495c8311f8cc94f5775ce3413b8d3cbd5acf03d7
Win32 Executable (generic) a (10002005/4) 99.96%
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook