Version: 34.0.0 Boulder Opal
IR
ID: 626604
Analysis system: CloudBasic
Start time: 15:27:26
Start date: 14/05/2022
Sample name: fooYgfbxno
Cookbook: default.jbs
Analysis environment: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: ce42fe431b88922ab59b6fd880cadcf6
SHA1: 652914d960da1d37d270db7f6e3b07c9d4b0e3a9
SHA256: 4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f
File type: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Created file: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fooYgfbxno.exe.log
MD5: 9FEAEEB3F595D644B8A003CA116508D1
SHA1: E2A4B06B16147F0C77AE2839DF37E9FFEB645DBE
SHA256: 37C92A24F9BD9FBF354209FE9DDA880B5B9C117F2CC863764EFD7F303548696D
Sample uses process hollowing technique
Found malware configuration
Maps a DLL or memory area into another process
Writes to foreign memory regions
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign process
Queues an APC in another process (thread injection)
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic