34.0.0 Boulder Opal
IR
623396
CloudBasic
14:02:15
10/05/2022
WWVN_INVOICE_8363567453.vbs
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
9f8e253fd51c33a2f874942ebc0d3795
6868a9005489e56542cf0df063985132fef50f3d
c33e4e9bf305cec123840dd87aa84c6d71e68ac82ea039418e1b8be3ed791b37
Visual Basic Script (13500/0) 100.00%
true
false
false
false
84
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\Hetero3.dat
false
7F53C5BDB8BE10B4244A89D5B4580B53
A2A3BF3829D0311E3BCC981D98B7FEE88B830055
13ACE3214FB2EB0AA56526DBEE9510E1ED2B1F1D051D9FAB5FDC7D01DFE964F5
C:\Users\user\AppData\Local\Temp\RESD70A.tmp
false
0D8D76FA667A3F8B0687A9F384D756B0
8614EC251CE01FB0A370C2EDCA5E634916860355
2F076029190E1914DB9F290A1DA8A2FA2BCD62752D2E8EB675889B05806CD0D7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ls4gwl5e.umh.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ux2laugn.p4m.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\nmk1nqgs\CSCB6EACAC7C331481095CED6A2215A0F6.TMP
false
345F5C65922506673A34037D153A7DA4
7AB5F7D82265424CAEDF5A4A7BAC99D00B6FDA38
C728C7B4C4B4C02444860EF38AA7DBDEC755C6D2BAC10CA2B60F4E4029A628E8
C:\Users\user\AppData\Local\Temp\nmk1nqgs\nmk1nqgs.0.cs
false
EA505B82FAD07E00D99FD3C7A36FF79A
68B8F59916AFB004F83158D741B1C75E02F2E83B
AC0F5F6D3627B4F5F33695E43875609817401A6BF61B88B7193600FCC07AD50A
C:\Users\user\AppData\Local\Temp\nmk1nqgs\nmk1nqgs.cmdline
false
CF8F3B8A426D47F4EBA71947E3CC3904
08FA86AB97DC7A7432C203B73D2817E266540108
7F74A53C1BB6DD79654B06C9332F2B1C1015704AF74127C2CE8BCC3FA9A2139E
C:\Users\user\AppData\Local\Temp\nmk1nqgs\nmk1nqgs.dll
false
1058A8205AC63E740D8DCB2C632B3310
6E2D1A45BD2621E63D954ED1BF2E257EDC921CCF
60BD4F36DE269F0677599366AF5B4A74A063BB6A15889A71D41787CA5E55648D
C:\Users\user\AppData\Local\Temp\nmk1nqgs\nmk1nqgs.out
false
3A2D7F6891BF83D9E3C331E3989D5203
45F3F9385D677B2B557FF75006156368CBCE87DD
C0B0DC29080260EE261192AD094675D1448619BD81A23C44877247DB46826682
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
https://go.micro
false
unknown
http://barsam.com.au/bin_FCWtLoO90.bin
true
Found malware configuration
Wscript starts Powershell (via cmd or directly)
Multi AV Scanner detection for submitted file
C2 URLs / IPs found in malware configuration
Potential malicious VBS script found (has network functionality)
Encrypted powershell cmdline option found
Very long command line found
Yara detected GuLoader