36.0.0 Rainbow Opal
IR
715156
CloudBasic
17:38:53
03/10/2022
pebbles.dat.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
d89521adaf6418e6ebe43b1a1a9d2af9
38cac8495ef43e51cdac1cb5e85d10137b365bee
1965dc57456d4fc01b6ce0f242d80776fe08a16354e6177255cba618348355ac
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
96
0
100
5
0
5
false
C:\Users\user\Desktop\pebbles.dat.dll
true
21928784DA52AB71A60AF59EFA95CDAD
4FF8ECD9B0370614EA0C3D8583A51DF9D2481844
285861283C9DC3F2D892B3CC186AD64CF17217D394B227A70B6C657C39D6568B
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Writes to foreign memory regions
Yara detected Qbot
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Sigma detected: Execute DLL with spoofed extension