34.0.0 Boulder Opal
IR
553378
CloudBasic
19:31:39
14/01/2022
4NBdOVqTyL
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
2b23fdac0d28360136a616b2803c286f
5e730fa1ccfc04c44a34fd385dadc3d03d72d9b3
cd5cb5b1c82dd0f301aac47ab966f00b4abc69a24a6a8c789ee7362a2c128537
Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
true
false
false
false
100
0
100
5
0
5
false
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
false
BF1DC7D5D8DAD7478F426DF8B3F8BAA6
C6B0BDE788F553F865D65F773D8F6A3546887E42
BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2
C:\ProgramData\Microsoft\Network\Downloader\edb.log
false
55686B32674428642BBC795D959857EA
D8F1BC68B500849E80E98744DFF796EF0889F274
A9CD587E2411E1AA24BBE9E2171E9CB75C047953C263320C850B36894F18D4C7
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
false
9FC4FEC6A7BC4CEF63BFA6D9B86BB987
87A4CC250167CA4D7BD0CEDBCF85CBD9248948BC
CBD67808BC18D3F7DC6476D2D7F652AD74DC2E2E5F392D88EABC62588DCEFBBB
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
false
C2B0D7F1250DD8E20FD91D401E0531E0
C444C0C78C44B7158DDBCD3AD2439A7CA0D18903
33AFD3B366529D403F2946C14F39BE5190F789B9401B615680F3F4DE4A9CC36E
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_1c231079c1eee0bd6cde4039f77d852b16453f3a_7cac0383_0cc6464d\Report.wer
false
BB4B99D405692C46A14C803E0900C7A6
3AF2DEEA96C031260C2398DF0C97F29F606B1E23
0323B70581D8F7A943283C86D54FDCFAAF72AD3F2DF448FA7611E45E5F52D52A
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1253.tmp.csv
false
4B8EAC1DB51195E040CCBA76EDEE61E1
3AA308A718DD8D9676D0D43B731F7269778C292D
853F6BDEE9EE00C836A8CA2B73BAD763530C295CF67111A97B0FD3D6872D6A68
C:\ProgramData\Microsoft\Windows\WER\Temp\WER18FB.tmp.txt
false
DF90D7A1471C9A47867DB77871A9435B
49987F21AE601D9D235F85FF3F5152165C66DDB6
16E820472FA9BB609306FA51745C655FFE167E17BCABFFB84569CC7EA150989A
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3045.tmp.dmp
false
29A612CE84AC47FA35E4D98A7C1C26A2
BCCA78414A2AD7E0BDCBBF15AE56A65F63E1EA7C
B3D3FA09280C1C1A5558DCA693343E98D295A5E7851EEF6C9CAD5CD38088DA3D
C:\ProgramData\Microsoft\Windows\WER\Temp\WER367F.tmp.WERInternalMetadata.xml
false
6EE214D2730130B59E38960E3B18746C
468D7D69E2B5613006A276879D4249354D3E45D3
6FBFF4D9451F13EDDEEE8078AC902AAB613223B9B2D537066E3D48E73E407245
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AF5.tmp.xml
false
7B05A9EB5BF8B4F035A087F2164F9AD9
1730909832988505691C3E946BDFDC2931BD6AFB
560C858943AE6BE4B555A6A7EFAC25C981D475F824EA234184BE1FDF13A057E5
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
ACAEDA60C79C6BCAC925EEB3653F45E0
2AAAE490BCDACCC6172240FF1697753B37AC5578
6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
false
82BFD5476A02AB3CEB5DF1B89199273E
FF3097527830DCCBA32C17559010963CF7D58196
0B73615D826682F7998580900B4041A2594CE277C4BE64B28AAA2AF1B1D856AC
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
false
DCA83F08D448911A14C22EBCACC5AD57
91270525521B7FE0D986DB19747F47D34B6318AD
2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
false
6E940B12B18E836E87AB9AC520D4EE40
0922F9CACAC95835DFDE82F826D431387E6E2885
25790EDB7F5805CE0154F57E32507A63461D54E50F74465D962636C1DF440D1C
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20220115_033259_038.etl
false
F329110B10B665A14EA2F28B1DDC3253
D3BE41460CD5DE843AF1FD4299A3CA16E8B16F39
E65CB23B920917FAE150408855C0A5D2FE79EDADB318A0D23438DF1DF5C63182
C:\Windows\appcompat\Programs\Amcache.hve
false
85338E02E4C5D4045493B837D3142D71
502265428823535B0A7F8FD98BD082B81863BD03
707584926ACB800EC190BB243CED094A93D9BC9E24AF756E44F9A8359FFA48A5
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
4C13D5EE6A73A620C968B707DEF35488
0A6241F39FDC15EE7BDE6C7AB5CC7BA2DDE5117A
A8B59C186AF456DA868CA5605AD7ED2A4F8EE67CC6BAC51F3AD3EF37C6C3DDB4
207.148.81.119
104.131.62.48
192.168.2.1
85.214.67.203
191.252.103.16
168.197.250.14
66.42.57.149
185.148.168.15
51.210.242.234
217.182.143.207
69.16.218.101
159.69.237.188
45.138.98.34
116.124.128.206
78.46.73.125
37.59.209.141
210.57.209.142
185.148.168.220
54.37.228.122
190.90.233.66
142.4.219.173
54.38.242.185
195.154.146.35
195.77.239.39
78.47.204.80
37.44.244.177
62.171.178.147
127.0.0.1
128.199.192.135
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)