34.0.0 Boulder Opal
IR
548725
CloudBasic
11:53:07
06/01/2022
9095.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: a7408cf2d8a68c9d621f04510d013c25
SHA1: 06710b16a700b2f86ec7b77204b7d132a83a34f0
SHA256: 67ca5cc17611a5292c116f492af8a96caebbe3539e3744daaa1f1c1a5cf72d05
File type: Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
100
0
100
5
0
5
false
66.254.114.238
193.187.96.107
592182812.com
true
193.187.96.107
redtube.com
false
66.254.114.238
392184281.com
true
193.187.96.107
google.mail.com
false
unknown
www.redtube.com
false
unknown
Found malware configuration
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Writes or reads registry keys via WMI
Rundll32 performs DNS lookup (likely malicious behavior)
Writes registry values via WMI
Machine Learning detection for sample
Yara detected Ursnif