34.0.0 Boulder Opal
IR
544197
CloudBasic
20:27:16
22/12/2021
SecuriteInfo.com.BehavesLike.Win32.Drixed.hc.23689.21492
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 5c9f3e803604beb0fd134699e214db4c
SHA1: 3e775ec10dce6ce1bfc8c7aa299eef7e762c5fcc
SHA256: a7efe0ee7f8d77a65b1fff3ba0cee76acb43223365dc348fa43ceecf93bcf7f0
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ec956fef9dabf4719f57ed463929b5a2167ca669_82810a17_0c27d8ad\Report.wer
false
MD5: 109A46E84FEB9C6D1F0BFA9157438420
SHA1: 147C9C69E3DD822BEBF204C2CBCA9859DBAFE39F
SHA256: 626AA47CD69250748CEA8F30CB4459F4205A173C592709B377DED25128702E6D

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC93C.tmp.dmp
false
MD5: E4951D32EF752C757D0ED3E56DF0DE15
SHA1: 0E6DB2B40525BAF3713E290EFDDDDC7B5F015AAC
SHA256: F7EA9B79AA968A2275BE4F76D5CA580FF8FED0CC671B154FAE2BAF0750F69001

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD93.tmp.WERInternalMetadata.xml
false
MD5: 74502353301A2DF396EB51802A752D82
SHA1: 10B277D1E671E0F449C18E9A524E164729817F9A
SHA256: 53EF482395C2B0C5E09B48FE257FB277C8C8AF83D74F3F76E332A6F1712D1302

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD10E.tmp.xml
false
MD5: 9E5FBD2CE5C45DEDB467EE35C1ACF45C
SHA1: C1E5B6BF43265CD06424BB3D1A3A29453E548A84
SHA256: A555260B2895CA65016B5562ED04B243A9BD49355ADF2620D0BA64575110E00E

C:\Windows\appcompat\Programs\Amcache.hve
false
MD5: 7A268EF630547AA1B159C7CC0B6EB71E
SHA1: 0E2842F1264B311A978B8A236774CABA66FAA1E2
SHA256: 23887AC36D140AACB7D6B8751B18D02AEA8B51DEBCD13EE03577F5B550EBDFA7

C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
MD5: A4C208D26EDAEC04D51D22CAB938E1E9
SHA1: 33259A7C6D995D83F7100CFDB126ECF9104CB91D
SHA256: 6B11D99BD102138A6BCEA4003310FD8F088868147BE1EBECF3DF396974990C41
185.4.135.27
85.10.248.28
80.211.3.13
144.91.122.102
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration