33.0.0 White Diamond
IR
452728
CloudBasic
19:05:12
22/07/2021
PROFORMA.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
e5b234b445e81c5a55f21bc75eb40e5e
f01fbe23b71016e967f30700c3b547bbf9ba1ef3
a76a64fda4a0e041ff234597f21fd66cf2ef66b2d3f56fea86316c997bb0e5bb
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
92
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PROFORMA.exe.log
true
1DC1A2DCC9EFAA84EABF4F6D6066565B
B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
.NET source code contains very large array initializations
Injects a PE file into foreign processes
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla