36.0.0 Rainbow Opal
IR
708244
CloudBasic
07:59:04
23/09/2022
321 Amita Technical 16.09.2022.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
a2a924c124bbc597a76495b4fb08f906
7ce1c45be6abf27c1b6f6c33ad16a27c4925e51b
9d45370a27c72436041f3ffb82b0c245eea5191c788b574e9656a23054340a61
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\321 Amita Technical 16.09.2022.exe.log
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\phine.exe.log
C:\Users\user\AppData\Roaming\Word\Word.exe
Yara detected DarkTortilla Crypter
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Machine Learning detection for sample
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
Hides that the sample has been downloaded from the Internet (zone.identifier)
Moves itself to temp directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)