34.0.0 Boulder Opal
IR
544184
CloudBasic
20:18:38
22/12/2021
SecuriteInfo.com.W32.AIDetect.malware1.23460.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5:    d633b0989e97dc05b09b6233fb53cf37
SHA1:   6e5a7f0493fea40bd213209ad06f4dd9069969ed
SHA256: 03ba158e40b1f9c80c0430cd9a06f00bcbddd3826a5965fccb4ac5b242b91a2c
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_435bf9987f6a7ee95ec1aabecf98fbf5b0b7b2_82810a17_13c89011\Report.wer
false
MD5:    528060B5278288935D8E6E6CF8D7AA55
SHA1:   FF1EF30180D490BB6A85C15D68F2B1119475EA94
SHA256: C4D626A7AF577A1F8EBCD56B59087B49387B53CBD5A04428F9B6D298F1CF35B4

C:\ProgramData\Microsoft\Windows\WER\Temp\WER55D7.tmp.dmp
false
MD5:    BDCA39B95DCCA06B3BC45BF211957E91
SHA1:   68BC6890AC691D3D2F409C14E2C4460A546FB14B
SHA256: 0D370B79901BC4C5146EE15791B426EEA3E2F468C0E1EE5033410DB53F1B7794

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D4A.tmp.WERInternalMetadata.xml
false
MD5:    0A7BC57EF58024A7A991B0B14B694B99
SHA1:   85AF48EF4DFA78D86ADAE9794F4BD40C44E48946
SHA256: 156B0D27C80F18941CFCE06A2F78C31439DA7BC751E27979B14FF557020C94A1

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6097.tmp.xml
false
MD5:    671F09B31CC9A830D437045318954C3A
SHA1:   268D9552435BD588930BAA6FE561B848A93039A7
SHA256: E1CCEF37FF3FFDA37AE3F4434CEEFC4A4B7DAC35C8243AF7A015A6FDECC65B2E

C:\Windows\appcompat\Programs\Amcache.hve
false
MD5:    1FDF042991087FEB000304EDE09873FD
SHA1:   86F4A5960772839EB54FACAF2EB0AEE18D2E0C47
SHA256: F12745B570720D489952167E0305BE1D9285D956AC9B570F8BF294FA0ABB4EA9

C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
MD5:    D13F80EEE1683F406026292ED83DF361
SHA1:   809EFC26106DAF98C9B149AF9A1BB7EE8BA14BF3
SHA256: 6C6F3169DB17CA0E2B55FFD7ABEBAB7EF1807181C916243FFD86AA9426E067B7

185.4.135.27
85.10.248.28
80.211.3.13
144.91.122.102

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration