34.0.0 Boulder Opal
IR
524858
CloudBasic
00:58:24
19/11/2021
dUGnMYeP1C
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
9369750d8d21d8fcb1b35365f232625f
30902a381e823450780e0efbbdc4d4130a032e20
8d91807aa27ee93694388b7cbfa9d74a3d93407036650cdd29631360b675853f
Win32 Dynamic Link Library (generic) (1002004/3) 99.40%
true
false
false
false
100
0
100
5
0
5
false
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Emotet RunDLL32 Process Creation
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for domain / URL