34.0.0 Boulder Opal
IR
553354
CloudBasic
18:49:20
14/01/2022
hPJnda9rBy
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
56c2941eb73ea59306cc9d2a6b15974c
8d483f2069955ae7a3f7e70e6dafa2641cbf4a75
7caa923401ec9a16969f0b37225b77cd16c6923abff2eda76f1fa9a35bff2879
Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
true
false
false
false
96
0
100
5
0
5
false
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
false
BF1DC7D5D8DAD7478F426DF8B3F8BAA6
C6B0BDE788F553F865D65F773D8F6A3546887E42
BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2
C:\ProgramData\Microsoft\Network\Downloader\edb.log
false
480F1D8F507E6F3F9FE0B7A4A018C8F7
AC93D87E2C4C645026D7D5A3853870BCB9139E41
1A525D00790F8EB0418D255015F85E171DA4496889C17690C5D6F4E541D0157B
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
false
B9976BD699FD40EC2597214BD70D42DB
85B44DDF230461CF51FDA956563B716D1A7C8058
A541FA8B6CAEC46F6DC533C32077CFF305F7DA4AE567BA7439C657227182B072
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
false
BB6FF757E36C514FC9BFB6F5A097860E
721D7CB22C57D2532090EE19CC75F1F9465D6986
C20C401E05EB6CD262D23FCFBB0F822315049C9014AEF90AD1CCA38098490ED9
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_d422a667165d65114742feca998c4f65a16c35b9_7cac0383_1be2745f\Report.wer
false
70384C8F40FEF1CB13FB622793A064FB
C6015969E6BF416C80AC5660B550C2BE10FF1891
263C1DA703EB7FF99381640F8D213430787C3020C9C279B5B1949989FA3D6601
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16A.tmp.csv
false
972E6872AB588C93A987C3763E8FF60D
469DE7754D1563A0B903028C48196772537AE3D6
6E6705CEC01CDE97A616E314CF92D1934FC18086BBC5EE05D80687041CA6F807
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B88.tmp.dmp
false
D2FE87042ECA1FD35C67B74A136F7340
1B9E8F2AFA839EE6F7EB0C744C0AFD9B90A93B39
4A5B8952BEFDDA27286F771870F572FEAD94EB322241D406095A0F26428D53F5
C:\ProgramData\Microsoft\Windows\WER\Temp\WER61D2.tmp.WERInternalMetadata.xml
false
3D73E97743B6D71D2CE7E360CE83B0E4
6DD1CA01E57659066B0FDFEF68A519CF384B1332
AD05D6019F5A76DA135A8C73DF6D475452D1C1DD3C6B5D2864D3104CB459E909
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66B5.tmp.xml
false
35AFB0959F866102EFCEF8CFB03D7CF4
102464CB0E6D372AA1B96AF55051D6CF0863F25F
7EE8969FE2312FBD972D2DBD7763819ED689B01319CE35DF07833E3A0824C281
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8FD.tmp.txt
false
CDF93CF01FE266D9413C5F468E72D0BF
81F0302DD34173F096751DD7E3E8C10154311CAB
9E3B6B144B3D88BE0FCB92968B6168E559E3A2CA48275604F127620D4CD144E8
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
ACAEDA60C79C6BCAC925EEB3653F45E0
2AAAE490BCDACCC6172240FF1697753B37AC5578
6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
false
C825C3B963A4EDD130C1ED69E8DB5165
939347D739FBCACF514F706123325C83A45C6EFC
9065DAC879286F740D2C31A7807B7474A9C9A783133236919FCA9AA27B447811
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
false
DCA83F08D448911A14C22EBCACC5AD57
91270525521B7FE0D986DB19747F47D34B6318AD
2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
false
9DAAEF8A5E401B4B4FB8E40C4209D947
C57BCC0397D823196CF033FB9EBF4DE4EFC98379
E507D467ED93E99586D91585D7332A90E76ED9FEF80170D5856AD69776DA2586
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20220115_025036_670.etl
false
E61B2F014940B7E98E976655C4904B64
E4807D63E9488F9E15ED5C0F14DBBD1A4FD691CF
67889112EB75B5283A7437C528B12CD463875865559C2C6F169A0B2900E3A304
C:\Windows\appcompat\Programs\Amcache.hve
false
30895F1B808AF0A0F36C9AC8DC3C8DA3
96292AAA73F88F5D6D630B0C98F88CCB61FDB4BC
2FF4438EB94E16380307213D04B64CA20A8A91816EBD3CEA50BCDF15E2DE866B
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
B5438EDFDB8F0C941C2FDB4C839F2277
FB6C2BC358A72FC4EA19B0E932D2DA10BBA84A75
FE1E867A5EC16F5C0202213154038F4862BB97EE81A7A23D12BDD57E7E36EE2C
207.148.81.119
104.131.62.48
85.214.67.203
191.252.103.16
168.197.250.14
66.42.57.149
185.148.168.15
51.210.242.234
217.182.143.207
69.16.218.101
159.69.237.188
45.138.98.34
116.124.128.206
78.46.73.125
37.59.209.141
210.57.209.142
185.148.168.220
54.37.228.122
190.90.233.66
142.4.219.173
54.38.242.185
195.154.146.35
195.77.239.39
78.47.204.80
37.44.244.177
62.171.178.147
127.0.0.1
128.199.192.135
windowsupdate.s.llnwi.net
false
95.140.236.0
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)