Joe Sandbox analysis report (flattened export; field labels restored from the Joe Sandbox report layout, values unchanged)

General information
  Joe Sandbox version:   34.0.0 Boulder Opal
  (unlabelled field):    IR
  Analysis ID:           544201
  Joe Sandbox product:   CloudBasic
  Start time:            20:30:19
  Start date:            22/12/2021
  Sample file name:      triage_dropped_file
  Cookbook file name:    default.jbs
  Analysis system:       Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
  Platform:              WINDOWS

Sample
  MD5:       232a73868213c05f54359f7d7c5d349f
  SHA1:      2de77f30b087dfb182e414c341c6d6426e752fd9
  SHA256:    47738cc4c2025a2f4655695777fabde7c80bf272406b4dd89efbfab34ff5780b
  File type: Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
  Unlabelled boolean flags in the export (in order): true, false, false, false

Detection
  Score:       76 (range 0 - 100)
  Confidence:  5 (range 0 - 5)
  Whitelisted: false
Dropped / modified files
  All six entries are Windows Error Reporting artifacts from a crash of rundll32.exe (the standard host process for running a DLL sample) plus the Amcache hive and its transaction log. These are operating-system side effects of the run, not payload files written by the sample, and none is flagged malicious. Two practitioner notes: the .dmp file is a minidump of the crashing rundll32 process and may hold the unpacked code in memory, so it is worth pulling for analysis; the Amcache.hve hashes are specific to this analysis VM and have no value as indicators, although the hive itself records executed binaries and is useful in a forensic timeline.

  1. Path:      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ec6115aeb189d7d59bb1a88bf53c0a942c0e358_82810a17_1240230c\Report.wer
     Malicious: false
     MD5:       B42CE31931FA6A0E0BF6D515319A6CCA
     SHA1:      B1A7EF8C7B8C45A96775DE9D6228E820E07EA4CB
     SHA256:    8A81B01C2521FDBB80EFF7E0697995196337CEC627BC9CF68CD07E1385359275

  2. Path:      C:\ProgramData\Microsoft\Windows\WER\Temp\WER110D.tmp.xml
     Malicious: false
     MD5:       BD4C4D1C2D178201B210F3232F579AA7
     SHA1:      4054FBB95D1509647774AF7861759C4957300668
     SHA256:    5BE01AEB609502CD0D3F0B665280555FEC363519E488364BDF1478A5708B98AB

  3. Path:      C:\ProgramData\Microsoft\Windows\WER\Temp\WER747.tmp.dmp
     Malicious: false
     MD5:       81784F986C251801998945F25F9F1596
     SHA1:      9A1C1617CD8EEE41D6FCB0196E2228F267456999
     SHA256:    5F145465162E5568CCDAADA9B232D48CA439B2BBAA54033664A841EA983211EE

  4. Path:      C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4D.tmp.WERInternalMetadata.xml
     Malicious: false
     MD5:       7A305581E9CD501E9E74F1F75A83494C
     SHA1:      F78406D8117B4E4ACA3464EB31C18F6E756BC5D7
     SHA256:    D9E3B50901899C276A4DAFC281D5F601FDEEF9497AEFE4DD9A81BB726CCAB894

  5. Path:      C:\Windows\appcompat\Programs\Amcache.hve
     Malicious: false
     MD5:       B7EF2E84C38B892A92DAFFA1CF79B2DC
     SHA1:      72CB6C55844EB597F91ED0E344A76A040F2883A6
     SHA256:    5037295BF78701F84932B0E003DC5BAE82DD24C8C88F2CFA3EF1B8C38C156BE8

  6. Path:      C:\Windows\appcompat\Programs\Amcache.hve.LOG1
     Malicious: false
     MD5:       5A328D1BCB75D088428D8FBFC4F31E0D
     SHA1:      E931C0C197B38575BDCEA151CB5F42250721DE8F
     SHA256:    5F9A3CDC8BFEDF1710693C4F00387FB64D144AF4336BBF12AC7A22C44E5EB122
Network
  IPv4 indicators (the report's signature section attributes the C2 IPs to the extracted malware configuration):
    185.4.135.27
    85.10.248.28
    80.211.3.13
    144.91.122.102
Signatures
  - Found malware configuration
  - Yara detected Dridex unpacked file (Dridex is a banking trojan / loader family; the YARA hit is on the unpacked code, not the packed DLL on disk)
  - Multi AV Scanner detection for submitted file
  - Sigma detected: Suspicious Call by Ordinal (rundll32 invoking a DLL export by its ordinal number, "<dll>,#<n>", rather than by name)
  - Tries to delay execution (extensive OutputDebugStringW loop): a long loop of OutputDebugStringW calls used to stall, burning sandbox analysis time before the payload runs
  - C2 URLs / IPs found in malware configuration
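As an added example (not part of the Joe Sandbox report or its tooling), the following Python turns three items from this report into hunting logic: the rundll32 call-by-ordinal behaviour behind the Sigma hit, the four IPv4 indicators, and the sample's SHA256. The "type|payload" event lines and the "src -> dst:port" network notation are constructed for the demonstration and would be replaced by your own log schema; the ordinal regex is my own approximation of what the published Sigma rule checks, not the rule's text.

```python
"""Match constructed telemetry against the IOCs and the rundll32-by-ordinal
behaviour from the sandbox report above.

Added example, not part of the Joe Sandbox report. The event format below is a
made-up "type|payload" line; adapt the parsers to your real log schema.
"""
import ipaddress
import re

# IOCs copied from the report: the sample's SHA256 and the four IPv4 addresses.
SAMPLE_SHA256 = "47738cc4c2025a2f4655695777fabde7c80bf272406b4dd89efbfab34ff5780b"
C2_IPS = frozenset({"185.4.135.27", "85.10.248.28", "80.211.3.13", "144.91.122.102"})

# rundll32 loading a DLL and calling an export by ordinal ("<dll>,#<n>", with
# optional spaces around the comma, or "<dll> #<n>"). This is my own
# approximation of the idea behind the Sigma rule "Suspicious Call by Ordinal",
# not the rule's text.
ORDINAL_RE = re.compile(r"rundll32(?:\.exe)?\b.*?[,\s]\s*#\s*\d+", re.IGNORECASE)

# Destination address in a constructed "src -> dst:port" network event.
DST_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3})")


def is_rundll32_by_ordinal(cmdline: str) -> bool:
    """True when a process command line runs rundll32 with an ordinal export."""
    return ORDINAL_RE.search(cmdline) is not None


def dst_ip(net_event: str):
    """Return the destination IPv4 of a "src -> dst:port" event, or None."""
    m = DST_RE.search(net_event)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))
    except ipaddress.AddressValueError:
        return None


def triage(events):
    """Bucket events into the three kinds of hits derived from the report."""
    hits = {"rundll32_by_ordinal": [], "c2_connection": [], "known_sample_hash": []}
    for line in events:
        kind, _, payload = line.partition("|")
        if kind == "proc" and is_rundll32_by_ordinal(payload):
            hits["rundll32_by_ordinal"].append(payload)
        elif kind == "net":
            ip = dst_ip(payload)
            if ip in C2_IPS:
                hits["c2_connection"].append(ip)
        elif kind == "hash" and payload.strip().lower() == SAMPLE_SHA256:
            # Normalise case so upper-case hashes from other tools still match.
            hits["known_sample_hash"].append(payload.strip().lower())
    return hits


# Constructed sample telemetry (not from the report): only the first proc line,
# the first net line and the first hash line should match.
SAMPLE_EVENTS = [
    r"proc|C:\Windows\System32\rundll32.exe C:\Users\user\Desktop\triage_dropped_file,#1",
    r"proc|rundll32.exe shell32.dll,Control_RunDLL",
    r"proc|C:\Windows\System32\svchost.exe -k netsvcs",
    "net|10.0.0.5 -> 185.4.135.27:443",
    "net|10.0.0.5 -> 8.8.8.8:53",
    "hash|47738CC4C2025A2F4655695777FABDE7C80BF272406B4DD89EFBFAB34FF5780B",
    "hash|e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]

if __name__ == "__main__":
    for bucket, matches in triage(SAMPLE_EVENTS).items():
        print(f"{bucket}: {matches}")
```

Two caveats when lifting this into production: the ordinal pattern will also fire on legitimate software that calls exports by ordinal (some installers and printer drivers do), so pair it with the parent process and the DLL path as the Sigma rule's exclusions do; and the IP list is a point-in-time indicator from one configuration, so treat a hit as a lead to pivot on, not as proof of the same campaign.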