Joe Sandbox analysis report

Version: 33.0.0 White Diamond
IR
Analysis ID: 481919
CloudBasic
Start time: 08:25:37
Start date: 13/09/2021
Sample name: 8U5snojV8p
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
OS family: WINDOWS
MD5: 0df4aaffd21acf21ff44429ca485fab8
SHA1: 6915e92d42c5588b8fb254b6e7f69fcefc8d5c82
SHA256: 3147bee916b63c96acc5fb06cac93846d13bb44804931f390f66348abf603941
TrID: Win32 Executable (generic) a (10002005/4) 99.96%
Unlabeled flags and scores (in report order): true, false, false, false, 96, 0, 100, 5, 0, 5, false
Dropped files (each record: path, flag as extracted, MD5, SHA1, SHA256)

Note: all five paths are Windows-maintained files (the BITS queue database edb.log/qmgr.db/qmgr.jfm, a font-cache temp file, and the Microsoft Defender MpCmdRun log) that are rewritten during any run. Their hashes differ from machine to machine and are not usable as indicators for this sample.

C:\ProgramData\Microsoft\Network\Downloader\edb.log
  Flag: false
  MD5: 56236FF4BBAE658F479447A7052DCFC7
  SHA1: 9B1497085FEA378BF2288523510D843B3E126C67
  SHA256: FB5F1F768813FF5A475A3AA36BF8F0F1CABAE97DADF6F327491EF88422D89B5D

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
  Flag: false
  MD5: 17E96F81CB4ED102FE6794C97156C599
  SHA1: 48C855E6B2FCB9D2334072149A0A6899884D6A36
  SHA256: C4FD34A8804736E67F8F3F4B742E0BB399F18C951B7D4354109B5317F916DE07

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
  Flag: false
  MD5: 7E0904102FD33FD23326DB4DF08003A0
  SHA1: 2E86EB389DEA1F87DCA63AF1184D2D53579E0180
  SHA256: 4AEE317E782E3C6EB4570DE9711355B880B38297D3A6705A5CD830381AB9D860

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
  Flag: false
  MD5: DCA83F08D448911A14C22EBCACC5AD57
  SHA1: 91270525521B7FE0D986DB19747F47D34B6318AD
  SHA256: 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
  Flag: false
  MD5: F5E08478EE8F48C831ACC6F53CA84BBC
  SHA1: 3314F984C9CF17666EE9FD301A592A2BD617928C
  SHA256: 00AB2B92D4FB3D38728C216E6C509D862AEBEBD035BA5FC4B2874E99BE2D8A1D
Contacted IPs (as listed; the list includes the private address 192.168.2.1 and loopback 127.0.0.1, which belong to the analysis environment rather than to remote hosts)

41.60.200.34
79.7.158.208
162.154.38.103
192.168.2.1
201.173.217.124
91.205.215.66
109.117.53.230
121.124.124.40
139.59.60.244
169.239.182.217
61.19.246.238
190.108.228.62
104.131.11.150
176.111.60.55
168.235.67.138
137.59.187.107
95.9.185.228
108.26.231.214
24.1.189.87
200.41.121.90
93.51.50.171
116.203.32.252
5.196.74.210
87.106.139.101
79.98.24.39
200.55.243.138
74.208.45.104
162.241.92.219
75.139.38.211
127.0.0.1
31.31.77.83
104.131.44.150
87.106.136.232
62.75.141.82
153.126.210.205
91.231.166.124
210.165.156.91
37.139.21.175
124.45.106.173
73.11.153.178
95.213.236.64
209.182.216.177
37.187.72.193
46.105.131.79
212.51.142.238
139.130.242.43
110.145.77.103
186.208.123.210
190.160.53.126
81.2.235.111
95.179.229.244
109.74.5.95
91.211.88.52
62.138.26.28
94.49.254.194
103.86.49.11
190.55.181.54
157.245.99.39
209.141.54.221
203.153.216.189
5.39.91.110
185.94.252.104
101.187.97.173
46.105.131.87
108.48.41.69
104.236.246.93
50.116.86.205
78.24.219.147
93.156.165.186
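The contacted-IP and dropped-file lists above are only useful once the local addresses and the Windows-maintained files are filtered out. The following is an added example, not part of the Joe Sandbox report: it takes the sample hashes, a subset of the contacted IPs and two dropped-file records copied from the report, drops non-global addresses with the standard ipaddress module, validates that each hash is well-formed, skips files under paths Windows rewrites on its own (the prefix list and the five-lines-per-record layout are this example's assumptions), and emits a deduplicated indicator set.

```python
"""Normalize the report's indicators into a machine-readable set.

Added example, not part of the Joe Sandbox report. Hashes, IPs and
dropped-file records are copied from the report; the filtering rules and
the five-line record layout are this example's own assumptions.
"""
import ipaddress
import json
import re

# Submitted sample, copied from the report header.
SAMPLE_HASHES = {
    "md5": "0df4aaffd21acf21ff44429ca485fab8",
    "sha1": "6915e92d42c5588b8fb254b6e7f69fcefc8d5c82",
    "sha256": "3147bee916b63c96acc5fb06cac93846d13bb44804931f390f66348abf603941",
}

# Subset of the contacted-IP list: routable hosts mixed with the analysis
# network's private gateway and loopback, which must not reach a blocklist.
CONTACTED_IPS = [
    "41.60.200.34", "79.7.158.208", "192.168.2.1",
    "91.205.215.66", "127.0.0.1", "104.131.11.150",
]

# Two dropped-file records copied from the report in the flattened
# five-line layout (path, flag, MD5, SHA1, SHA256) the extraction produced.
DROPPED_FILE_TEXT = r"""
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
false
17E96F81CB4ED102FE6794C97156C599
48C855E6B2FCB9D2334072149A0A6899884D6A36
C4FD34A8804736E67F8F3F4B742E0BB399F18C951B7D4354109B5317F916DE07
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
false
F5E08478EE8F48C831ACC6F53CA84BBC
3314F984C9CF17666EE9FD301A592A2BD617928C
00AB2B92D4FB3D38728C216E6C509D862AEBEBD035BA5FC4B2874E99BE2D8A1D
"""

# Files Windows rewrites on its own (BITS queue, font cache, Defender log).
# Editor's assumption, not from the report: their hashes vary per machine.
SYSTEM_MAINTAINED_PREFIXES = (
    "c:\\programdata\\microsoft\\network\\downloader\\",
    "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\",
    "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\temp\\mpcmdrun.log",
)

HEX_FORMATS = {
    "md5": re.compile(r"^[0-9a-f]{32}$"),
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}


def routable_ips(ips):
    """Keep only globally routable addresses, deduplicated and sorted."""
    keep = set()
    for raw in ips:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # tolerate stray text in a pasted list
        if addr.is_global:  # drops private, loopback, link-local, reserved
            keep.add(addr)
    return [str(a) for a in sorted(keep, key=lambda a: (a.version, int(a)))]


def parse_dropped_files(text):
    """Parse five-line records and check that every hash is well-formed hex."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 5:
        raise ValueError("expected path, flag, MD5, SHA1, SHA256 per record")
    records = []
    for i in range(0, len(lines), 5):
        path, flag, md5, sha1, sha256 = lines[i:i + 5]
        rec = {"path": path, "flag": flag,
               "md5": md5.lower(), "sha1": sha1.lower(), "sha256": sha256.lower()}
        for name, pattern in HEX_FORMATS.items():
            if not pattern.match(rec[name]):
                raise ValueError(f"malformed {name} for {path}")
        rec["system_maintained"] = path.lower().startswith(SYSTEM_MAINTAINED_PREFIXES)
        records.append(rec)
    return records


def build_ioc_set(sample_hashes, dropped_text, ips):
    """Combine sample hashes, usable dropped-file hashes and routable IPs."""
    hashes = {k: {v.lower()} for k, v in sample_hashes.items()}
    skipped = []
    for rec in parse_dropped_files(dropped_text):
        if rec["system_maintained"]:
            skipped.append(rec["path"])  # not a stable indicator
            continue
        for k in hashes:
            hashes[k].add(rec[k])
    return {
        "file_hashes": {k: sorted(v) for k, v in hashes.items()},
        "ips": routable_ips(ips),
        "skipped_system_files": skipped,
    }


if __name__ == "__main__":
    print(json.dumps(build_ioc_set(SAMPLE_HASHES, DROPPED_FILE_TEXT, CONTACTED_IPS), indent=2))
```

Run as written, the output contains only the sample's own hashes, because both dropped-file records sit under Windows-maintained paths and are skipped, and only the four routable addresses from the subset. Feed the full IP list from the report into CONTACTED_IPS to get the complete set; 192.168.2.1 and 127.0.0.1 are removed by the is_global check rather than by a hand-written exclusion.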
Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Antivirus / Scanner detection for submitted sample
Yara detected Emotet
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Hides that the sample has been downloaded from the Internet (zone.identifier)
Drops executables to the windows directory (C:\Windows) and starts them