33.0.0 White Diamond
IR
502358
CloudBasic
20:33:16
13/10/2021
56460021473877.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
d95e9bb2fa064a984c391b5bfc1d01e6
6b045974084794b785110909351e2a25950c5ed6
b499be4b6955eebcf4228039f67a65a38b322f0ca1d58d8071de9a428ced8720
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\56460021473877.exe.log
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
Sample uses process hollowing technique
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Maps a DLL or memory area into another process
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign process
Queues an APC in another process (thread injection)
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Multi AV Scanner detection for domain / URL