34.0.0 Boulder Opal
IR
544257
CloudBasic
00:20:13
23/12/2021
SecuriteInfo.com.W32.AIDetect.malware2.10228.10333
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
ce624816acb99a24ed7adc77bb514136
d971e7c7b278859c3a28e3aa0e8c1e3c90e6f86e
af49104bb708fe05b3b491d74e8219a57c20a45a128b3b0477d6b4035560a200
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_679a7d8d20d369749e733f7a1173ad271ef1b68_82810a17_194eccc1\Report.wer
false
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2248.tmp.dmp
false
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D07.tmp.WERInternalMetadata.xml
false
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3219.tmp.xml
false
C:\Windows\appcompat\Programs\Amcache.hve
false
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
185.4.135.27
85.10.248.28
80.211.3.13
144.91.122.102
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration