34.0.0 Boulder Opal
IR
528695
CloudBasic
17:08:11
25/11/2021
EzCOXP6oxy
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
0c32d4334246cc061e80fc9cf0780a58
eec70a7ff5e0ed8adb1bba38021dc2fdf0b1081d
c4e9dbb3e3b37e36574a8d963f3ba83d61beceedfb640e9592b0a416396ca46e
Win32 Dynamic Link Library (generic) (1002004/3) 94.34%
true
false
false
false
100
0
100
5
0
5
false
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
false
3A0984010B462F7305085D71C9C31A20
DBBF15BBAC84EF3F70211EDB78135FBE8D3115D5
67AFE58FA33A4D5AF793FB84CA55E9D3F896870EB7DA3005E791414602E54E61
207.148.81.119
196.44.98.190
78.46.73.125
37.59.209.141
85.214.67.203
191.252.103.16
45.79.33.48
54.37.228.122
185.148.169.10
142.4.219.173
54.38.242.185
195.154.146.35
195.77.239.39
78.47.204.80
168.197.250.14
51.178.61.60
177.72.80.14
66.42.57.149
37.44.244.177
51.210.242.234
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Machine Learning detection for sample
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Emotet RunDLL32 Process Creation
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)