Joe Sandbox version: 34.0.0 Boulder Opal
IR
Analysis ID: 528751
Product: CloudBasic
Start time: 18:32:31
Start date: 25/11/2021
Sample file name: Acct # 3288-1258-1NQ39NGAY0GD'pdf.ppam
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Platform: WINDOWS
Sample MD5: 801ebbda05a9a4dab1f22c0cc979e696
Sample SHA1: ac65f3e2a69fa2bed620c315cf5894f0c57be8f4
Sample SHA256: a9fab95f89805a51542cf30800de459ff78eb8a3262642053959ef17c220e5a4
TrID file type: Microsoft PowerPoint Macro-enabled Open XML add-in (32504/1) 80.25%
true
false
false
false
100
0
100
5
0
5
false
Dropped files

Path | Malicious | MD5 | SHA1 | SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\281434096-static_pages[1].css | false | B3E61DF6E41A93485461F77324FCD93E | 46EFB1044FF1CB854E02BCB49ADA1D501CE0AFF4 | 0FC52EF116F03FD95F9857856F1E2CBDFA2CACC398E066DB0D8D5481739BC2D7
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\403901366-ieretrofit[1].js | false | D9C2977027243C55D7C30A91A772A1F5 | 04E6C365F6F30ECF2A3C806584289E5DCAAE7136 | 380672F7418F917D947A24FA2B9CF586ED35030E35696AF2F913D1E37ED9CAC9
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\error[1] | false | 16AA7C3BEBF9C1B84C9EE07666E3207F | BF0AFA2F8066EB7EE98216D70A160A6B58EC4AA1 | 7990E703AE060C241EBA6257D963AF2ECF9C6F3FBDB57264C1D48DDA8171E754
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\googlelogo_color_150x54dp[1].png | false | 9D73B3AA30BCE9D8F166DE5178AE4338 | D0CBC46850D8ED54625A3B2B01A2C31F37977E75 | DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\robot[1].png | false | 4C9ACF280B47CEF7DEF3FC91A34C7FFE | C32BB847DAF52117AB93B723D7C57D8B1E75D36B | 5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\1397508952-widgets[1].js | false | 10ABD44F7D526A256A6EAD8F0847226D | 046336B3B36F51238BC910B1A727A6E994607A6E | 0A39CCD00E6D85D3527A8E66D2DEFFF303013C8A77829F146E5C9FD22BAF4BCF
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\blogin[1].htm | false | FAD69C383523C489367BEDC8D9BB69CF | 4A6FF93BD64B56B05E66A886AA019FE3EA842F98 | 9B71B0053EE833248581CE504C430B3EA30D0D3B62D5B7F7A246BC4B86CF914A
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\1529571102-css_bundle_v2[1].css | false | 61A626E88858A0DEFA4B03652F937FBF | 75732E3C8BD961FB80DDCA5E9E6FCE510675A0A0 | 0BCD5919BF34C7672EE85E44FD8C6A695A7FFBDD2126F4E54CAECCA5CA6996EB
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\20[1].doc | false | F088BF5A101A83D6427246ABA56AD499 | A3388650AC8210FC257A120D3C054BEFA06D44B3 | 1459B85004D298CB4B4A14672FD42787757C92C7ACC9B4250B231588C08B3097
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\20[1].htm | true | 8378FC4427088C54DEFE0912175F660C | 3EEF443F491D0FDFF9825334A2EFDF64E24BEEF2 | 4D1111E7601E961644E62824774D304451017E0FD49EE161AF10354EDE71D5FA
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\error[1] | false | 16AA7C3BEBF9C1B84C9EE07666E3207F | BF0AFA2F8066EB7EE98216D70A160A6B58EC4AA1 | 7990E703AE060C241EBA6257D963AF2ECF9C6F3FBDB57264C1D48DDA8171E754
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ODOASODOchjdjdsfdrueruebdgbjd[1].htm | false | 580CAC802DCCF4C98BFC33E263E0B098 | B4C8D5E1F187263FA626F1DF5A0454074BBBF1A1 | E46C596947E101571F317F3C8ECA8389A3A69C6213746C6EF42AF7BE4042A5AE
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\blogin[1].htm | false | C433D6A3E647098079611AA87BAAAE30 | 3E338ABAD620EA83EBF632E68CA77E3AC9D76FC6 | B1A48BB14394B701BB81837A43A6EE8F8E5118F5F61978F4B6359BA4D0EAEC7C
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\body_gradient_tile_light[1].png | false | 3B2A20D5B0BA4CA0C5DD90865AD6B9C4 | A90928A16D11D21E112B45B60990A9D7D19CC1D5 | 0FDCB4746995F0D5240E5EC11370CB950722A894F3CFF4118AA68CCC92010EDD
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\gradients_light[1].png | false | 4F7DE2E6AFEFB125B1F14FA5CDA610EE | 57A145F234B504A73F9D55CF39F2231A04719456 | ECB30886406E3F776FF7BC3834DE849944471E626FF148BED2FA389D02866044
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Acct # 3288-1258-1NQ39NGAY0GD'pdf.LNK | false | 1D58A56FC25109F3A3608E3A8223C00A | 79AB39F113FD09D8EFA99AB4C1C8A3C15E6F82D1 | 5FE2BBEA10B1147E59A9C2B5D7730339907622715E75D4EB7DA3D2EB52676917
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | false | F1DC2B5A257C9BEBC1AF388B4E8B1983 | 7ECF80D7E11DED8F9399579D84CB53E3E2FDA259 | E779BC1C64F36BD6E4B14E3F1F7DC0F08056B6EFD3ED894F5EB4D95DF239B0F9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJNMWAG0.txt | false | AC8A4A7F731CC5CBF5DFE3A744D94C2A | 019F5EB42D4492246F3E695F0AE7B411CFF1D4C9 | 5D6A1253D57E4E1A0C7E152C99B962571B1898B566984AF07D9A37C990A9F9ED
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy) | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms\ (copy) | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msar (copy) | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AQYZ01APXBHT9275V80X.temp | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BUUO1DMCS4BHU3HYGHQQ.temp | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KU79PZUPCRAJB9M9RQP2.temp | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XG9NCQX4ILMZE1IDCEJ9.temp | false | 2A617F1FAEC7CC0FED7F8D0F8818CECA | 7835C9C5AC6AD82734222B71506E2721CD906349 | 89AE7FB31B51E3CE687E3800358D1840CFB2B07918F81FE9D2BCA4B9CBCA8413
Contacted IPs

199.91.155.88
172.217.168.68
172.217.168.45
172.217.168.9
104.16.203.237
142.251.40.228
172.217.168.1
67.199.248.16

Contacted domains

Domain | Malicious | IP
www.starinxxxgkular.duckdns.org | false | 142.251.40.228
www.mediafire.com | false | 104.16.203.237
download2347.mediafire.com | false | 199.91.155.88
accounts.google.com | false | 172.217.168.45
www-google-analytics.l.google.com | false | 216.58.215.238
blogspot.l.googleusercontent.com | false | 172.217.168.1
j.mp | true | 67.199.248.16
www.google.com | false | 172.217.168.68
blogger.l.google.com | false | 172.217.168.9
kdaoskdokaodkwldld.blogspot.com | false | unknown
www.blogger.com | false | unknown
resources.blogblog.com | false | unknown
Behaviour signatures

Creates an autostart registry key pointing to binary in C:\Windows
Creates multiple autostart registry keys
Sigma detected: Suspicious MSHTA Process Patterns
Multi AV Scanner detection for submitted file
Writes or reads registry keys via WMI
Bypasses PowerShell execution policy
Sigma detected: Change PowerShell Policies to a Unsecure Level
Sigma detected: Microsoft Office Product Spawning Windows Shell
Creates processes via WMI
Machine Learning detection for sample
Sigma detected: MSHTA Spawning Windows Shell
Creates autostart registry keys with suspicious values (likely registry only malware)
Sigma detected: Mshta Spawning Windows Shell
Writes registry values via WMI
Antivirus detection for dropped file
Document exploit detected (process start blacklist hit)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
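The signatures above describe a process chain of an Office product spawning mshta.exe, mshta.exe spawning PowerShell with its execution policy bypassed, and schtasks.exe being used for persistence. The Python below is an added example, not part of the sandbox report and not Joe Sandbox's or the Sigma project's code: it approximates four of those detections as plain functions and runs them over constructed Sysmon-style process-creation events. The event contents, the field names, the image lists and the command-line patterns are all assumptions for illustration; the sample's real command lines are not on this page and are not reproduced here.

```python
# Added example: approximations of four of the behaviour signatures listed above
# (Office product spawning a Windows shell, mshta spawning a Windows shell,
# PowerShell execution-policy bypass, schtasks task creation/modification),
# evaluated over constructed process-creation events. Events, field names,
# image lists and regexes are assumptions, not data from the sandbox run.
import re
from dataclasses import dataclass

OFFICE_IMAGES = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "msaccess.exe", "mspub.exe", "visio.exe",
}
SHELL_IMAGES = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}
# -ExecutionPolicy and its unambiguous prefixes (-ex, -ep, -exec) followed by
# a value that disables script signing checks.
POLICY_BYPASS_RE = re.compile(
    r"(?i)(?:-|/)(?:executionpolicy|exec|ex|ep)\s+(?:bypass|unrestricted)")
SCHTASKS_MODIFY_RE = re.compile(r"(?i)\s/(?:create|change)\b")


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (Sysmon event ID 1 style)."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawning_shell(ev: ProcessEvent) -> bool:
    return (basename(ev.parent_image) in OFFICE_IMAGES
            and basename(ev.image) in SHELL_IMAGES)


def mshta_spawning_shell(ev: ProcessEvent) -> bool:
    return (basename(ev.parent_image) == "mshta.exe"
            and basename(ev.image) in SHELL_IMAGES)


def powershell_policy_bypass(ev: ProcessEvent) -> bool:
    return (basename(ev.image) in {"powershell.exe", "pwsh.exe"}
            and POLICY_BYPASS_RE.search(ev.command_line) is not None)


def schtasks_modification(ev: ProcessEvent) -> bool:
    return (basename(ev.image) == "schtasks.exe"
            and SCHTASKS_MODIFY_RE.search(ev.command_line) is not None)


RULES = {
    "office_spawning_shell": office_spawning_shell,
    "mshta_spawning_shell": mshta_spawning_shell,
    "powershell_policy_bypass": powershell_policy_bypass,
    "schtasks_modification": schtasks_modification,
}


def evaluate(events):
    """Return (event index, rule name) pairs for every rule that fires."""
    return [(i, name) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


# Constructed events modelling the chain the signatures describe; the paths
# and arguments are placeholders, not the sample's real command lines.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE",
                 r"C:\Windows\System32\mshta.exe",
                 r'mshta.exe "C:\Users\user\AppData\Local\Temp\stage1.hta"'),
    ProcessEvent(r"C:\Windows\System32\mshta.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -ep bypass -w hidden -c "Start-Sleep 1"'),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\schtasks.exe",
                 'schtasks /create /sc minute /mo 5 /tn Updater '
                 '/tr "C:\\Windows\\stage2.exe"'),
    # Benign control: an interactive shell from Explorer, no policy change.
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe Get-Process"),
]

if __name__ == "__main__":
    for idx, rule in evaluate(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{rule}] {basename(ev.parent_image)} -> {ev.command_line}")
```

Run stand-alone, the script reports four hits across the first three constructed events and none for the Explorer-launched control. Parent/child matching is done on image basenames, so a copy of mshta.exe or powershell.exe renamed by the attacker would evade these rules; the schtasks and policy-bypass checks look only at the command line, so they still fire when an LOLBin is launched through a renamed parent.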