Joe Sandbox version: 34.0.0 Boulder Opal
IR
Analysis ID: 548728
Joe Sandbox product: CloudBasic
Start time: 11:53:13
Start date: 06/01/2022
Sample file name: 9092.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture: WINDOWS
MD5: 22ad7aee4cfc3c264fd2eedfa3f6beb3
SHA1: b73e54c5ffe6fd8fd0fb93504127bbf4f7797865
SHA256: 512909d5515902542ba06c0ba311ad15542c9da036a336746ab27b2a53058574
File type (TrID): Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
Detection: malicious = true, suspicious = false, clean = false, unknown = false
Score: 100 (scale 0 to 100)
Confidence: 5 (scale 0 to 5)
Whitelisted: false
Contacted IPs:
66.254.114.238
193.187.96.107

Contacted domains (domain / flagged malicious / resolved IP):
592182812.com    true   193.187.96.107
redtube.com      false  66.254.114.238
392184281.com    true   193.187.96.107
google.mail.com  false  unknown
www.redtube.com  false  unknown
unknown
Signatures:
Found malware configuration
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Writes or reads registry keys via WMI
Rundll32 performs DNS lookup (likely malicious behavior)
Writes registry values via WMI
Machine Learning detection for sample
Yara detected Ursnif
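Two of the signatures above, "Sigma detected: Suspicious Call by Ordinal" and "Rundll32 performs DNS lookup", translate directly into endpoint telemetry checks. The following is an added example of that detection logic run over constructed Sysmon-style events (process creation and DNS query); it is not Joe Sandbox's own code, the ProcessGuid values and the ctldl.windowsupdate.com lookup are made up for the example, and only the two flagged domains and their IPs come from the report. The point it adds beyond the signature list is the correlation: rundll32.exe issuing DNS queries is common in benign use, so the lookup is rated high only when the domain is on the report's malicious list or the same process already loaded an export by ordinal.

```python
"""Detection logic for "Suspicious Call by Ordinal" and "Rundll32 performs DNS
lookup" over constructed Sysmon-style events. Added example, not sandbox code."""
import re

# Constructed Sysmon-style events. EventID 1 = process creation, 22 = DNS query.
# ProcessGuid values are made up; they only need to be consistent across events.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\Desktop\9092.dll,#1"},
    {"EventID": 1, "ProcessGuid": "{B}", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"EventID": 22, "ProcessGuid": "{A}", "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "592182812.com", "QueryResults": "193.187.96.107;"},
    {"EventID": 22, "ProcessGuid": "{A}", "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "redtube.com", "QueryResults": "66.254.114.238;"},
    {"EventID": 22, "ProcessGuid": "{B}", "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "ctldl.windowsupdate.com"},  # constructed benign lookup
    {"EventID": 22, "ProcessGuid": "{C}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "QueryName": "google.mail.com"},
]

# Domains the sandbox run flagged as malicious (from the domain table above).
REPORT_MALICIOUS_DOMAINS = {"592182812.com", "392184281.com"}

# "<dll>,#<n>", "<dll>, #<n>" or "<dll> #<n>": an export referenced by ordinal
# instead of by name, which is what the Sigma rule keys on.
ORDINAL_RE = re.compile(r"(?:,\s*|\s)#\d+\b")


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def call_by_ordinal(event: dict) -> bool:
    """rundll32 process creation whose command line names an export by ordinal."""
    return (event["EventID"] == 1 and is_rundll32(event["Image"])
            and ORDINAL_RE.search(event["CommandLine"]) is not None)


def rundll32_dns_lookup(event: dict) -> bool:
    """Sysmon DNS-query event attributed to rundll32.exe."""
    return event["EventID"] == 22 and is_rundll32(event["Image"])


def scan(events: list) -> list:
    """Two passes: collect rundll32 processes that loaded an export by ordinal,
    then rate every rundll32 DNS query. A lookup is 'high' only when the domain
    is on the report's malicious list or the querying process already tripped
    the ordinal rule; otherwise it is 'medium', since Control Panel applets and
    certificate checks make rundll32 DNS traffic common on clean hosts."""
    ordinal_procs = {e["ProcessGuid"] for e in events if call_by_ordinal(e)}
    alerts = []
    for e in events:
        if call_by_ordinal(e):
            alerts.append({"rule": "rundll32_call_by_ordinal", "severity": "high",
                           "detail": e["CommandLine"]})
        elif rundll32_dns_lookup(e):
            domain = e["QueryName"].lower()
            hot = domain in REPORT_MALICIOUS_DOMAINS or e["ProcessGuid"] in ordinal_procs
            alerts.append({"rule": "rundll32_dns_lookup",
                           "severity": "high" if hot else "medium",
                           "detail": domain})
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a['severity']:6}] {a['rule']}: {a['detail']}")
```

Run against the constructed events, the ordinal rule fires once (the 9092.dll load via `,#1`, not the Control_RunDLL applet), the two lookups from that same process are rated high even though redtube.com itself is benign, and the windowsupdate lookup from the other rundll32 instance stays at medium.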