Joe Sandbox version: 34.0.0 Boulder Opal
IR
Analysis ID: 635800
Product: CloudBasic
Start date and time: 29/05/2022 19:42:26
Sample file name: hBB2KnTndI.exe
Cookbook file name: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: b413ff6e943c415afc26640ff535c724
SHA1: fcc13d52bf28416f3b8a594d58113fd8828a4093
SHA256: 7ff0ff6e51a58398ad73da3cc8e7e6233a23e49d93aaa4b190672e4f9f08b9bb
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
76
0
100
5
0
5
false
Path: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hBB2KnTndI.exe_ad2fc02f1e967b8af8cf5fed27f1f4916534b2_362a01e9_1b4c45b6\Report.wer
true
MD5: F49AA2CE34201C0ED4C6DC7E2580B784
SHA1: 94AE53C0212FAF3261D369EE8A0350552D1C4F60
SHA256: F9FEEC72FC0B01B4633E664EEB02CC6814AFDF2B02B091CD8618E5F7EFBFBC23

Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER325D.tmp.dmp
false
MD5: 69ADA93D12ABB0E7C95863E57644450F
SHA1: 23B31CC845750963355D8E4660D81C46008008A1
SHA256: 2EA59657AA7702D7A3BC07DA5AF7FF2B8308E8773A19679275F97FE4ABDE4326

Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER36B3.tmp.WERInternalMetadata.xml
false
MD5: 27A6D542C4C16DC1970A3F52A30DDC6B
SHA1: D2CFB22FCEF5BECA746739AF241D23EBB41ABBE0
SHA256: 4DACF9F643C7197F00BF93F42F1412C6E8615F440964804A4E9DCD97CA505B50

Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A6D.tmp.xml
false
MD5: A8031E7E8BF09A8436C1A691EBDF881D
SHA1: 851D82DCE40546C019AA67F0C915511A25FBF8AE
SHA256: 75DC3A49DAAB91D935325967AD398B780C096D71F941C53D0ABDD70616C70974

Path: C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe
true
MD5: 6807F903AC06FF7E1670181378690B22
SHA1: 901EC730ADC4A7C8531E8DA343A977E04FDE8B03
SHA256: 115D04150F524C103CA08E18305B0B103A3767336E19404235D2017F4B233CE5

URL: http://gcc.gnu.org/bugs.html
false
unknown
Writes to foreign memory regions
Yara detected Amadeys stealer DLL
Multi AV Scanner detection for submitted file
Allocates memory in foreign processes
Injects a PE file into a foreign process
Contains functionality to inject code into remote processes
Contains functionality to prevent local Windows debugging
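The report above reaches most readers as the flat list of lines shown here, so the first practical step is to turn it back into IOC records that can be fed to a hunt. The following parser is an added example written for this page; it is not part of the Joe Sandbox report or of any Joe Sandbox tooling. It assumes, from the visible ordering only, that each dropped-file entry is laid out as path, malicious flag, MD5, SHA1, SHA256, that the URL entry is URL, malicious flag, reputation, and that hash lines appearing before the first path belong to the submitted sample. The hash lengths (32, 40, 64 hex characters) identify the algorithms unambiguously. The `REPORT_LINES` list is a constructed subset of the page's lines, and the `TEMP_DROP_RE` pattern describes only the drop location seen in this report, not a general Amadey rule.

```python
"""Added example (not Joe Sandbox code): extract IOCs from a flattened sandbox report.

Assumption, not a fact stated by the report: a dropped-file entry is laid out as
path, malicious flag, MD5, SHA1, SHA256; a URL entry as URL, flag, reputation;
hash lines before the first path belong to the submitted sample.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HASH_RE = re.compile(r"^[0-9a-fA-F]+$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
# Drop location seen in this report: %TEMP%\<10 hex chars>\<5 lowercase letters>.exe
TEMP_DROP_RE = re.compile(r"\\Temp\\[0-9a-f]{10}\\[a-z]{5}\.exe$", re.IGNORECASE)

# Constructed subset of the report lines above, in the order they appear on the page.
REPORT_LINES = [
    "b413ff6e943c415afc26640ff535c724",
    "fcc13d52bf28416f3b8a594d58113fd8828a4093",
    "7ff0ff6e51a58398ad73da3cc8e7e6233a23e49d93aaa4b190672e4f9f08b9bb",
    "Win32 Executable (generic) a (10002005/4) 99.96%",
    "false",
    r"C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe",
    "true",
    "A8031E7E8BF09A8436C1A691EBDF881D",
    "851D82DCE40546C019AA67F0C915511A25FBF8AE",
    "75DC3A49DAAB91D935325967AD398B780C096D71F941C53D0ABDD70616C70974",
    "http://gcc.gnu.org/bugs.html):",
    "false",
    "unknown",
    "Writes to foreign memory regions",
    "Yara detected Amadeys stealer DLL",
]


@dataclass
class Record:
    kind: str                       # "sample", "file" or "url"
    name: str
    malicious: Optional[bool] = None
    reputation: Optional[str] = None
    hashes: dict = field(default_factory=dict)


def parse_report(lines):
    """Return (records, leftovers); leftovers are lines no record claimed."""
    sample = Record("sample", "submitted sample")
    records, leftovers = [sample], []
    current = sample            # record the next hash line attaches to
    expect_flag = False         # True right after a path/URL line
    expect_reputation = False   # True right after a URL's malicious flag
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if WIN_PATH_RE.match(line):
            current = Record("file", line)
            records.append(current)
            expect_flag, expect_reputation = True, False
        elif URL_RE.match(line):
            # the trailing "):" is residue of the string the URL was carved from
            current = Record("url", line.rstrip("):;,."))
            records.append(current)
            expect_flag, expect_reputation = True, False
        elif expect_flag and line.lower() in ("true", "false"):
            current.malicious = line.lower() == "true"
            expect_flag = False
            expect_reputation = current.kind == "url"
        elif HASH_RE.match(line) and len(line) in HEX_LEN:
            current.hashes[HEX_LEN[len(line)]] = line.lower()
            expect_flag = expect_reputation = False
        elif expect_reputation:
            current.reputation = line
            expect_reputation = False
        else:
            leftovers.append(line)  # TrID line, orphan flags, signature names
            expect_flag = expect_reputation = False
    return records, leftovers


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, keyed the same way as Record.hashes."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def find_match(file_digests: dict, records) -> Optional[Record]:
    """First record whose recorded hashes all agree with the file's digests."""
    for rec in records:
        if rec.hashes and all(file_digests.get(a) == v for a, v in rec.hashes.items()):
            return rec
    return None


def looks_like_temp_drop(path: str) -> bool:
    """Does the path follow the %TEMP%\\<hex dir>\\<name>.exe layout seen for orxds.exe?"""
    return bool(TEMP_DROP_RE.search(path))


if __name__ == "__main__":
    recs, rest = parse_report(REPORT_LINES)
    for r in recs:
        print(r.kind, r.name, r.malicious, r.reputation, r.hashes.get("sha256"))
    print("unclaimed lines:", rest)
```

Feeding the full page through `parse_report` yields one `sample` record, five `file` records and one `url` record; signature names and the unlabelled numeric fields land in `leftovers` so nothing is silently dropped. `find_match` compares a file on disk against every recorded hash at once, which avoids the common mistake of matching on MD5 alone when SHA256 is available.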