34.0.0 Boulder Opal
IR
545442
CloudBasic
17:16:09
26/12/2021
G7ABVJxc3Z
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
47c59530065e8e7e05a855879bf8a922
8fba3ea2428f92e8dc8497514d0817b54edc5be0
e4db910a4147ac44bef76f71e6b0d6bd193b89a6268dda35f3b1c210cc111fe4
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample