34.0.0 Boulder Opal
IR
625175
CloudBasic
13:58:01
12/05/2022
PO-19903.vbs
default.jbs
Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
WINDOWS
0347b27843d88f73fdcd4dadb95549ac
2a2d6bcd2d83833d501b9695921855e1992f6ec8
1ab3aacaa62faa6a83173e9191972d427aab92f33c527f6964f141e21c930e67
Visual Basic Script (13500/0) 100.00%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
282A064FB3F0E58EC10467E027EA203A
B5DCBF5AE67C4B57BA74CA9F614CFB2341F2E62A
86E625B4810E5358AD45B8D99BAB9F94671D39F1424F6E66F1B0661E73E4074F
C:\Users\user\AppData\Local\Temp\OVER.dat
false
DD9476AAE299F8CD938C0948F1F1C984
CB7F30DDE5A14A71FB33FDD8EDECADFBDB59F178
6E63C9314D2B7EEFE27553D57326E4A39DCE0C360CDBF1E5B146C244A0E09EBA
C:\Users\user\AppData\Local\Temp\PTEROSTI.dat
false
3960608F68EE07EDD764386B0A59DEA7
320B86E6D9D4514995C76B8E3C48A40F005C61AD
644C64DED01C16C00CBA0FA07DD55A59D9A55DBB870519E09CA986FD5FE9DCDB
C:\Users\user\AppData\Local\Temp\RES41DC.tmp
false
0D697A4FED65CC871D02BE886114CFC2
C54DCA05D9B3868AA802D8CC21295D6BE3D3CB19
496C3CE0435E6305C01FC2A8D922559FFD9201AEDE442AC43219F5FB0C02B1FC
C:\Users\user\AppData\Local\Temp\Touchb.vbs
false
A962843D9B6CF48DE8842547FB106D97
811BF42C5C506C5F8CC8D960A09BE77BAE937091
274A94BE594E05BE571E43C8199840D18F8FFC1FB03D938A45A8A9DC2590B2F8
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2c23kwp.iaa.ps1
false
D17FE0A3F47BE24A6453E9EF58C94641
6AB83620379FC69F80C0242105DDFFD7D98D5D9D
96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zq1cbexs.zho.psm1
false
D17FE0A3F47BE24A6453E9EF58C94641
6AB83620379FC69F80C0242105DDFFD7D98D5D9D
96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\ppgnlr3u\CSC3E3BD6AE19504271A02C9239AA6C641F.TMP
false
789FC0726AD32271CC7462EB4284EDD1
6084EAA226A2190952393E6D6C32FC34D43D379E
49429559E5B60B3EDA94ECC4160A7C0EF04FE2B967F63A81C9F44F9563C59C58
C:\Users\user\AppData\Local\Temp\ppgnlr3u\ppgnlr3u.0.cs
false
EBEF46122B08728A01A250DF520357D7
D5DB4A89DA7DE1804EF133F7D81D56523044DA4C
65013DE37A743262C3BEB05B409081A5CA852B93F72CA8CB70C83AAB0CE09F7C
C:\Users\user\AppData\Local\Temp\ppgnlr3u\ppgnlr3u.cmdline
false
25C1DEA17960CAAC0387294B7B09B27C
61671246D0E746A051BCFB22703403FD732C633F
65891E3CBB8205A583A1D3496AE355DB0D6C87293EECC6852AC09628C773DE6C
C:\Users\user\AppData\Local\Temp\ppgnlr3u\ppgnlr3u.dll
false
096F9F5031157309DD27175D10A61229
4BBA95BF76B7D0A18F679A265ED01073424B5D20
4928EC7341EF0634A82D3B34754CD59342A72B9C90ECA5810ED211A4BFB1786D
C:\Users\user\AppData\Local\Temp\ppgnlr3u\ppgnlr3u.out
false
6BE78BEEDA948F094B733CD40AE5BFA7
1F043CE3260533211EAD482A960BA7CD3B921A2F
1082F9CE64C6337C4D66382B89E91535AF198943A86CBCDCD34E5EB7C84C0FDA
13.107.43.13
197.210.226.45
197.210.226.89
148.66.138.165
194.5.98.59
l-0004.l-dc-msedge.net
false
13.107.43.13
toshiba1122.duckdns.org
true
194.5.98.59
vegproworld.com
true
148.66.138.165
toshiba1122.ddns.net
true
197.210.226.45
onedrive.live.com
false
unknown
jgdbpa.am.files.1drv.com
false
unknown
http://nuget.org/NuGet.exe
false
unknown
http://pesterbdd.com/images/Pester.png
true
unknown
https://aka.ms/pscore6lB
false
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
false
unknown
https://onedrive.live.com/download?cid=7EB674A88CCF381D&resid=7EB674A88CCF381D%21126&authkey=AKOI304UDXKDuEA
false
13.107.43.13
https://go.micro
false
unknown
https://jgdbpa.am.files.1drv.com/y4maRwf2HHiC3pXkJNQF9GW7D5PTiYgoa5jSqqmo4o-s2nHza5cDyEK1j43pCU9Ua1Y
false
unknown
https://vegproworld.com/:k
true
unknown
https://contoso.com/
false
unknown
https://nuget.org/nuget.exe
false
unknown
https://vegproworld.com/rj-$
true
unknown
https://contoso.com/License
false
unknown
https://contoso.com/Icon
false
unknown
https://onedrive.live.com/download?cid=7EB674A88CCF381D&resid=7EB674A88CCF381D%21126&authkey=AKOI304
false
unknown
https://onedrive.live.com/ndows
false
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
https://jgdbpa.am.files.1drv.com/y4mstf71DnOKqqDiI505gr5x-9GCiHWv5DdrHG7ALTidojrV4lxxrd7sQ3eLTcarbaq
false
unknown
https://onedrive.live.com/:
false
unknown
https://github.com/Pester/Pester
false
unknown
https://vegproworld.com/wp-content/Touchb.vbs
true
148.66.138.165
https://jgdbpa.am.files.1drv.com/
false
unknown
https://onedrive.live.com/
false
unknown
Found malware configuration
Writes to foreign memory regions
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)
Multi AV Scanner detection for submitted file
Potential malicious VBS script found (has network functionality)
Encrypted powershell cmdline option found
Very long command line found
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Uses dynamic DNS services
Yara detected GuLoader