Joe Sandbox version: 33.0.0 White Diamond
IR
1639
Product: CloudBasic
Start time: 13:03:23
Start date: 13/10/2021
Sample name: Fra FAC-ES101-2107-03806.doc.exe
Cookbook: default.jbs
Analysis system: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Platform: WINDOWS
MD5: 18b804e21a3c1c80c195e7d20dc38477
SHA1: 9622e70cd6db56de3488e99cd18c5f51e54afb64
SHA256: cbc14388711803d5a3f90396d4d33c9b3da952c37a5d919daed329cbd487c1b4
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
Dropped files (path, malicious flag, MD5, SHA1, SHA256)

  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
    Malicious: false
    MD5:    0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:   CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA256: 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6

  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Malicious: false
    MD5:    AB5C36D10261C173C5896F3478CDC6B7
    SHA1:   87AC53810AD125663519E944BC87DED3979CBEE4
    SHA256: F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9

  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
    Malicious: false
    MD5:    C0F6E5DE5350F04A1A006A5FD4A782A0
    SHA1:   0EB93B14518AF71AAE6DC792D64EC113FE8EF047
    SHA256: 922A6F70711F210CFFC79FE8B2D221B6F9BE498B0BB5AC57AEE036FB0BBDE63C

  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    Malicious: false
    MD5:    20FAB887BAB664264C09893468BB7814
    SHA1:   7DBF7EA2C65D6981A7AF9B0AEA8970B3538F4B39
    SHA256: 0FC9202FDB486BDE0F5381EB1D2CCAB23E9BD2D3FEB087A820175E2206691E18

  \Device\ConDrv
    Malicious: false
    MD5:    9F754B47B351EF0FC32527B541420595
    SHA1:   006C66220B33E98C725B73495FE97B3291CE14D9
    SHA256: 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
Contacted IPs: 142.250.185.174, 188.93.227.195, 142.250.185.161

Contacted domains (name, malicious flag, resolved IP)

  tccinfaes.com                          Malicious: true   IP: 188.93.227.195
  drive.google.com                       Malicious: false  IP: 142.250.185.174
  googlehosted.l.googleusercontent.com   Malicious: false  IP: 142.250.185.161
  doc-04-ak-docs.googleusercontent.com   Malicious: false  IP: unknown
  mail.tccinfaes.com                     Malicious: true   IP: unknown
  x1.i.lencr.org                         Malicious: false  IP: unknown
Hides threads from debuggers
Found malware configuration
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Uses an obfuscated file name to hide its real file extension (double extension)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: RegAsm connects to smtp port
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
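The signatures above translate directly into host-side detection logic: the sample name carries a document-looking extension in front of the real .exe, the Sigma hit is RegAsm.exe opening a connection to an SMTP port, and the report names the domains and IP that were flagged malicious. The script below is an added example, not part of the Joe Sandbox report or its tooling. It runs report-derived rules over Sysmon-style event dictionaries; the event records are constructed for the example, while the hash, domain and IP values are taken from the report. The set of SMTP ports and the list of document extensions in the double-extension pattern are my assumptions.

```python
"""Detection rules derived from the sandbox report above.

Added example (not the report's own code). Event records are constructed
Sysmon-style dicts so the script runs offline; the indicator values below
come from the report itself.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report.
SAMPLE_SHA256 = "cbc14388711803d5a3f90396d4d33c9b3da952c37a5d919daed329cbd487c1b4"
MALICIOUS_DOMAINS = {"tccinfaes.com", "mail.tccinfaes.com"}
MALICIOUS_IPS = {"188.93.227.195"}

# Assumption: common SMTP submission/relay ports for the "RegAsm connects to smtp port" rule.
SMTP_PORTS = {25, 465, 587, 2525}

# Assumption: document-style extensions that precede a real executable extension,
# matching the sample name "Fra FAC-ES101-2107-03806.doc.exe".
DOUBLE_EXT = re.compile(
    r"\.(doc|docx|xls|xlsx|pdf|txt|jpg|png)\.(exe|scr|com|pif|bat|vbs|js)$", re.I
)


@dataclass
class Alert:
    rule: str
    event_id: int
    detail: str


def basename(path: str) -> str:
    """Last path component, tolerant of both Windows and POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def check_event(ev: dict) -> list:
    """Apply the report-derived rules to one Sysmon-style event dict."""
    alerts = []
    eid = ev["EventID"]
    image = basename(ev.get("Image", ""))

    if eid == 1:  # process creation
        if DOUBLE_EXT.search(image):
            alerts.append(Alert("double_extension_executable", eid, image))
        if ev.get("Hashes", {}).get("SHA256", "").lower() == SAMPLE_SHA256:
            alerts.append(Alert("known_sample_hash", eid, image))

    elif eid == 3:  # network connection
        port = int(ev.get("DestinationPort", 0))
        dst_ip = ev.get("DestinationIp", "")
        dst_host = ev.get("DestinationHostname", "").lower()
        if image.lower() == "regasm.exe" and port in SMTP_PORTS:
            alerts.append(Alert("regasm_smtp_connection", eid, f"{dst_ip}:{port}"))
        if dst_ip in MALICIOUS_IPS or dst_host in MALICIOUS_DOMAINS:
            alerts.append(Alert("report_network_ioc", eid, dst_host or dst_ip))

    elif eid == 22:  # DNS query
        query = ev.get("QueryName", "").lower()
        if query in MALICIOUS_DOMAINS:
            alerts.append(Alert("report_dns_ioc", eid, query))

    return alerts


def scan(events) -> list:
    """Run check_event over a sequence of events and collect every alert."""
    out = []
    for ev in events:
        out.extend(check_event(ev))
    return out


# Constructed sample events; not taken from the report's own logs.
REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe",
     "Hashes": {"SHA256": SAMPLE_SHA256}},
    {"EventID": 1, "Image": REGASM, "Hashes": {"SHA256": "0" * 64}},
    {"EventID": 22, "Image": REGASM, "QueryName": "mail.tccinfaes.com"},
    {"EventID": 3, "Image": REGASM, "DestinationIp": "188.93.227.195",
     "DestinationPort": 587, "DestinationHostname": "mail.tccinfaes.com"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "142.250.185.174", "DestinationPort": 443,
     "DestinationHostname": "drive.google.com"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.rule}] event {a.event_id}: {a.detail}")
```

Two of the report's other entries deserve a caveat when turning it into indicators: the files under CryptnetUrlCache are Windows CryptoAPI's cache for certificate and revocation downloads, and x1.i.lencr.org is a Let's Encrypt certificate-distribution host, so neither the dropped-file hashes nor that domain should be added to a blocklist; the Google Drive hosts are the download stage and are only useful as context, not as standalone indicators.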