33.0.0 White Diamond
IR
452720
CloudBasic
18:57:08
22/07/2021
Pedido_73580523.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
facf53403056e3d7529fc8a5ce8be77f
384a0565e553ac374dd6d197b51a94bace517f36
3bd0c04ee4c4ba078c54f4e7f5f956894204b2ccfbe84cdf934c40b28e30165e
Win32 Executable (generic) Net Framework (10011505/4) 49.79%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Pedido_73580523.exe.log
true
1DC1A2DCC9EFAA84EABF4F6D6066565B
B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
C:\Users\user\AppData\Local\Temp\tmpE123.tmp
true
1CFD403DA59597FBE594CD86E12C9F07
9D8F9C78554F0A1B57CAC5C955D1EFCBA5B46086
13E8734988EB55A665C821F06E4CC25DFF34058E3B0F4A70084E210AAF0D1A1F
C:\Users\user\AppData\Roaming\AsJOyfF.exe
true
FACF53403056E3D7529FC8A5CE8BE77F
384A0565E553AC374DD6D197B51A94BACE517F36
3BD0C04EE4C4BA078C54F4E7F5F956894204B2CCFBE84CDF934C40B28E30165E
C:\Users\user\AppData\Roaming\AsJOyfF.exe:Zone.Identifier
true
187F488E27DB4AF347237FE461A079AD
6693BA299EC1881249D59262276A0D2CB21F8E64
255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
.NET source code contains very large array initializations
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Uses schtasks.exe or at.exe to add and modify task schedules
Found malware configuration
Yara detected AgentTesla
Yara detected AgentTesla