34.0.0 Boulder Opal
IR
540355
CloudBasic
14:09:29
15/12/2021
Bank_Transfer_Receipt_Copy_Scan#342 (5).exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
72a345c95142aee60e7df54b570c2c6b
aa479735d39ced67594ff0b0d5f91679e506ac38
a7a0ada5969b3b343a5c2d17e1fe57f542a0f9cb94b98daf7a4922d8cdcd5e8d
Win32 Executable (generic) a (10002005/4) 97.02%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\IXP000.TMP\nongrav.exe
true
BEB33BD2BF3282F8C86081144236545D
03114FA621E4944693F897C6A015776F4B81BE2B
F27110BABA677C03A4A1B87E19D5FB34C96A7E5F5A3D810E132442A240B97827
172.217.168.46
172.217.168.1
drive.google.com
false
172.217.168.46
googlehosted.l.googleusercontent.com
false
172.217.168.1
doc-0c-ao-docs.googleusercontent.com
false
unknown
Hides threads from debuggers
Found malware configuration
Yara detected Generic Dropper
Maps a DLL or memory area into another process
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Sigma detected: Suspicious Svchost Process
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Detected unpacking (changes PE section rights)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Sigma detected: Suspect Svchost Activity
Yara detected GuLoader