33.0.0 White Diamond
IR
458954
CloudBasic
22:30:20
03/08/2021
Payment_Advice.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
b5a3a16559c14a2db6837fb8792134ae
31280391b1a399a3bc1c8ea0f4fb27e2dc9e56a0
c8ff043caee4e9cc889d1b7f8149e5c59ec43d2d01edeb49cb40fe1fd09a233a
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment_Advice.exe.log
true
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
34.102.136.180
208.91.197.27
173.254.28.149
Domain | Flag | IP
www.dipmarketingagency.com | true | 173.254.28.149
illoftapartments.com | false | 34.102.136.180
manno.expert | false | 34.102.136.180
www.missabrams.com | false | 45.197.108.106
www.quickoprintnv.com | true | 154.23.83.67
www.firsttimephysics.com | true | 208.91.197.27
www.illoftapartments.com | true | unknown
www.manno.expert | true | unknown
.NET source code contains potential unpacker
.NET source code contains very large strings
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook