33.0.0 White Diamond
IR
465268
CloudBasic
10:47:11
14/08/2021
E-Remittance Form_z.TXT.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
0c3bdc11fd6454bb67da849864170b44
1c925518e075761758a47f677016c95f5e80c92c
bdade907a458b6c9d2e87af5667c3b8a16aa7804535634ed662b0e07c34f64b1
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\82139548\bsaecqbjx.docx
false
F0F53FE19A0F58EE77AA2A14F9C1C581
5FD907307B9A05C993E4F1F03A0933977CE9FDAC
8DFE05B156401A48A206E21B86057AE05529F5F963EBCFFAB763D82B5C43C7E7
C:\Users\user\AppData\Local\Temp\82139548\essmbjocut.ico
false
26FD61702ABAB4B42FF87A064DBACBEA
99F80E74E2A16A5AEC6A7310C42AD7777D44DE17
543AECFFBDE74DEC8E0D568AB649AAC80E9F42E464395C742D3778D7159173D1
C:\Users\user\AppData\Local\Temp\82139548\hqlxwejnc.exe
false
358136509F7C05C793B42E886AE6D084
992D2F72C85F9E9745242F6FDCDE071973D224E2
40B4D24B4FA108163B4D24BAF7CAE02CAFFF9DE0AD75BE9A481006E8ECDB76AB
C:\Users\user\AppData\Local\Temp\82139548\kvfbftnru.mp3
false
3995C00C683ABAF23AE16274E0E84A2E
0DB8A0E5AD441ABAAE7ABC1BBE6F99B1E05B6D48
E98C5EB50F09EE0551A5032D91953CBF960F957F9C3C653E9E542F43D8B067AB
C:\Users\user\AppData\Local\Temp\82139548\ledpu.cpl
false
A1563EA76BB076ADE23C8964AD9D8A9F
279087601847BD60F01AAFF79DAAC385649A7807
E0E570841AC7D8611AE4D04E6D50933A2651041BC3BFE07299C2280EA08FEA2D
C:\Users\user\AppData\Local\Temp\82139548\mibt.ppt
false
18BC4D9E0FC1B64E7ECAFCCEBE8FF1B0
E1AAB49B15223B7B28DF4B376C896AF975D60D6E
1E17E644516D5F59C0BA1C856B6B31C8AECEE8ACC7CE092BE36FFD0637E08E2B
C:\Users\user\AppData\Local\Temp\82139548\ncplbfrqpr.txt
false
0B8AF5DC59BB7CB4FDD0B0F7AF3757DF
C44F230525060FBA3C9ADD285F7801119933A796
1E46A71EF3CE0502278DC55F187B52F23029FB0B55A948A32D3E28E439A82812
C:\Users\user\AppData\Local\Temp\82139548\pojm.ini
false
A4DD3AF5059AEBF0C30F2C56E4CA5164
0728B0DBFF92F39DD62BBA076F840A3CEDDADEB5
7BAA9365B05C1D1A6FAA2366A8947AA8BEE7F1029B4503A1430C1BF18B10AA34
C:\Users\user\AppData\Local\Temp\82139548\pqbfmorxw.docx
false
545E57CC8251F56FB77DDE769CB11C97
342C79300E6CDF7644EDA1C72FFDBAA46BDE55F2
7679BAF73789098BC9D5A04C82DE4B5CD2AB209A0B58F9ACE561F50CF1EFDAF8
C:\Users\user\AppData\Local\Temp\82139548\pvvrt.ini
false
6A2411B573ECBA959EA1FD48109FD0A6
FCF12012579E72D3E64DA520A0E76676E0B3D493
249752A301B6EE470D127FCE1684D58AB0546ACAEFC8C9CCCC989E6B49D010AC
C:\Users\user\AppData\Local\Temp\82139548\rnjidsxil.mp3
false
398B0A5437BA24AAC3CA3E573360F9B3
097C4D23BC17BB1C670C2D5E91E13E4BCE5B1405
8AEE1198832808676ADE13F08E17B01D07A91D69C3B88B6967516E7CF9256635
C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
false
5D32075EAAEECB2F209ED24D4676AA39
F0913F914AFB1A9CDAC9FD48552A22376EBD5A25
AC616BEF1065A0D60C7731DC2AAB0B795D4471239B6ACBA9A301BC1290781214
C:\Users\user\AppData\Local\Temp\82139548\run.vbs
true
CDB722E39D2AFD726FE91A0D3A540E8B
8EED8DDC0948243039A2286C19317EE58F4DC28D
B80412F79C971F1E886247CBBD553951793AB8A3388C8A81EDDE54C555ED3666
C:\Users\user\AppData\Local\Temp\82139548\rwvkj.jpg
false
0FCF9A109B3EE20CDB79E59015830DFE
C2E1FFD870CC57A61EA2608DD691FCCBF04B46FF
02B8CB179E2F91F15AD5C1D79F9DD326EAD86A3BE5A8F3ECC53CFB1AA9A2CB43
C:\Users\user\AppData\Local\Temp\82139548\sggjqlvp.ico
false
3BCFFAB29A55B49F02607D6FCF61139C
E6B260BF6C2219EAC6F0D03428B8B7374E5F7663
872BEAA2956D41732F6CEFFDA078F288A39B963174C9D4A1EEBDB40047574A01
C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
true
CDBB08D4234736C4A052DC3F181E66F2
6801A805B6DCB760E8BF399A7D3AD0489FEC7BFB
07E5F6D7EC7CCBC3D742658E9161D799934C6F7F6A3EBF560F361B4EE1730B6A
C:\Users\user\AppData\Local\Temp\82139548\uummnexccu.ini
false
28632856AB37779B2BE85A9F6482747F
9B473FBDE596F68A6670B3663AE13FDE02F0B8FB
AE08F906B87EFC7475D9D9A75B6CB95278A59EC81CC10A40F9E191C99732ABF5
C:\Users\user\AppData\Local\Temp\82139548\wdav.xml
false
7188C2DDAC3FE15E2B779A3DF36E0046
C03D1675326D726B14ECB4EFE2D7C9E5B4516242
F4198D2447BCD0A3C4CE6187A9E879DEF55839C4B78796A179F6E95DAC90F79F
C:\Users\user\AppData\Local\Temp\82139548\wvjnbptk.exe
false
52C468E5B63BD119D9D61B097F98001D
10C1D028CB6060644D81C8B1ABE108A093454F18
0846B83011BC5C400ED8756D5E1CD2E35B33F9B77F3BA403F4A21C956F851D0B
C:\Users\user\temp\pqbfmorxw.docx
false
E476E6BA62A9C4AE9762F8B817B28136
46C94419E4D7066EEC9463DC636B15817C6E065B
552015B135E3564DCDDBBDF1DF5BCEF916CD1729352624CE65904877FD19844C
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Drops PE files with a suspicious file extension
Injects a PE file into a foreign process
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses an obfuscated file name to hide its real file extension (double extension)
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Detected HawkEye Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected AntiVM autoit script
Yara detected AntiVM3
Yara detected HawkEye Keylogger
Yara detected MailPassView