34.0.0 Boulder Opal
IR
564921
CloudBasic
15:41:40
02/02/2022
knigger.bin
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: f2fdb0f416abda7c5fb8436578f1b6c8
SHA-1: cb35382ae44bc43c1372a21b04fc214885a4d8f2
SHA-256: 5e5242e1251bfb745e068b413dab59a74afe94850e1b8d02acb607c50ce63fd0
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
88
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_88c9a135c9b22294e84c86e44fa262283b2da9a_82810a17_122904ea\Report.wer
  false
  MD5: 712EE66153C612FE2A7AA6FC985729BB
  SHA-1: B2F7C3ECB750E05424B4C957D68274D3FBBBDF71
  SHA-256: CDC3F05FCC52A9B300B6900A17CB140EF99075A89FB41C31B2C096B8937432F1
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4EC.tmp.dmp
  false
  MD5: F4EE02EFEE8AD69BBF3A906A0C9CDF5F
  SHA-1: BAD07B24B1C20FD5DBF3C176BD279A5807C2A330
  SHA-256: 426F7F30254E664E414A1C1D610F2DA89CD567D7E0DC0A4BA1DE9B90EA210054
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8A6.tmp.WERInternalMetadata.xml
  false
  MD5: F2DAD464F90154FCE75F0F86AAF8C0DF
  SHA-1: D701FBBFB585419CA5C386089A3DE155B5D14786
  SHA-256: 371924D06A753B50039AD1197442DDC28CBAC2A1E0BBFBFA0229ECA5562643B0
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA2E.tmp.xml
  false
  MD5: 18872478B5333711926B37EA28B1C7AA
  SHA-1: FC30FB7334320FF44049BBDF4A27A69E9D495E1E
  SHA-256: 2D351F4C8F1D06A4B6B2F6EB7004280DB9A8D842D1CED83DD091C807EE312E50
C:\Windows\appcompat\Programs\Amcache.hve
  false
  MD5: F4CBF56A201641BE2B70F2F8AA40CCB0
  SHA-1: 01A55AA87EFDAC623087B552642C8B4163863EC1
  SHA-256: 3B215E7FE68D246FD94F347E369FE24E9D71437CA782071395DB4F64D97F13D0
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
  false
  MD5: 752FCD99E5EB7A9761D903827848FC50
  SHA-1: AD9F5CF9EC6FB3670EAE8420B08D75059400BDBE
  SHA-256: 53990467AC8208918CAEE7D1E2FA50D587F7B98BE48A621FFD148BD78B741BFD
IP addresses:
  188.214.241.242
  93.104.209.107
  144.91.122.100
  5.189.190.214
URLs:
  http://upx.sf.net
    false
    unknown
  http://www.kazanfirst.ruDVarFileInfo$
    false
    unknown
Detections:
  Antivirus / Scanner detection for submitted sample
  Found malware configuration
  Yara detected Dridex unpacked file
  Multi AV Scanner detection for submitted file
  Sigma detected: Suspicious Call by Ordinal
  C2 URLs / IPs found in malware configuration
  Malicious sample detected (through community Yara rule)