34.0.0 Boulder Opal
IR
553389
CloudBasic
19:48:48
14/01/2022
YBfn5E3Dlw
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
038f9a9d5b96733a9b3030cfbe4e4535
3b8a4b81f0b06514188e4f935d5f4b0858b93806
d46762ba155e3345baf5d9e9453e6cd8e0647438693abddf34f98ae8d6bd436a
Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
true
false
false
false
92
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_12a180e49793e381a8b848106c2e1caa7a6a4277_7cac0383_18a51c8a\Report.wer
false
F6F986B555349D70EC66E15ABCC41890
5C2EF2932A1F16307AC18951CBACD3F50151C05F
4D9F534FD2F77A71E36EA3A820599F7C5B4489D1D32039948B965D53AD59414E
C:\ProgramData\Microsoft\Windows\WER\Temp\WER355.tmp.dmp
false
7D5D469A218004033CF0ED3664400CB8
C4EE2D5FE696E1BD6F71C0E0DD8DA2F3490A1A5E
6EFF54679F3143D50E0ABD570796F215A314A2C9944755DF38223084BEEFEC85
C:\ProgramData\Microsoft\Windows\WER\Temp\WER961.tmp.WERInternalMetadata.xml
false
0E3B556676E1972AF45F6860569A4348
CCA48B9EBB72F6FD774F8A5B325A3F3E01F2CACC
75B3330CE4091AB2C41009973760A92D19547054C547DA848BB949965346C191
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE44.tmp.xml
false
032926C5777B8A0C1B4AE5FD2E6341A0
40E9C560877A7DFD13F7B873DB21A94969A4A750
8A52CE09864457C05D2CFFC21719F2D4FBD93C39AC133CE67772F37C1192E695
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF761.tmp.csv
false
E774D2B8707457EEF38FFCD785616182
D5368EC392C150B5C1D2C5601A775ACD0A3F0E1D
77A23CBC153EFAC355ADC08F9839A27BE6B22F69C013158BD4140162E57F60DD
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF61.tmp.txt
false
548F7476594C65B2D9A44ADBE265DD3B
4D81020E8B908AA93E7BBF9B4727F6F4EE2EA264
C6AF5658B1289EA4A6A4A33E9CD9BFB885277974F2741F5D2EDC54DF3F3F340B
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
ACAEDA60C79C6BCAC925EEB3653F45E0
2AAAE490BCDACCC6172240FF1697753B37AC5578
6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
false
F265C930EF44E6ACBA853DC0EF3CCA52
98DBD62394E3FAD572DEAABAD08BF56A2F355F03
A51CCED759A41167FA135BF13E26467986C030908DB1B708157F0BD073DA6EDD
C:\Windows\appcompat\Programs\Amcache.hve
false
0F7E9389B8352594A1D1DA63202D5E76
B8D01D1CAB800DBB068758A3FDA30883C526A6B3
C688CB041A1A6F2729B4E4EDBACD0CDC07632B2136EF3D45501BEB791B1D9620
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
E0EE0560CE5C8770F5E1AE82080874B1
DBB38E3F880FC4E4EC56BBDA55EB1E633C274E75
35AE4F85D7E0B29E096DB29EAF98B81BE8536CF0734CEDDD3847B7CC5D65DD7A
207.148.81.119
104.131.62.48
192.168.2.1
85.214.67.203
191.252.103.16
168.197.250.14
66.42.57.149
185.148.168.15
51.210.242.234
217.182.143.207
69.16.218.101
159.69.237.188
45.138.98.34
116.124.128.206
78.46.73.125
37.59.209.141
210.57.209.142
185.148.168.220
54.37.228.122
190.90.233.66
142.4.219.173
54.38.242.185
195.154.146.35
195.77.239.39
78.47.204.80
37.44.244.177
62.171.178.147
128.199.192.135
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)