36.0.0 Rainbow Opal
IR
722131
CloudBasic
08:47:09
13/10/2022
EJ6FBXJ9Dg.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
5949348fedecc598cdbce7072639231f
a9a614ecb4871b57da47b32ce572c46493de6897
2fffec7d345d16c2480ea2f3f2e046e220488486c81cf7e1c14adfab890ec0b1
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\LocalLow\2If3OY9WA2aU
false
5F02C426BCF0D3E3DC81F002F9125663
EA50920666E30250E4BE05194FA7B3F44967BE94
DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
C:\Users\user\AppData\LocalLow\freebl3.dll
true
15B61E4A910C172B25FB7D8CCB92F754
5D9E319C7D47EB6D31AAED27707FE27A1665031C
B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
C:\Users\user\AppData\LocalLow\mozglue.dll
true
F07D9977430E762B563EAADC2B94BBFA
DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
C:\Users\user\AppData\LocalLow\msvcp140.dll
false
1FB93933FD087215A3C7B0800E6BB703
A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
C:\Users\user\AppData\LocalLow\nss3.dll
true
F67D08E8C02574CBC2F1122C53BFB976
6522992957E7E4D074947CAD63189F308A80FCF2
C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
C:\Users\user\AppData\LocalLow\pU97tg112OjD
false
46076967A4692D6323BCBDAD8532DA6A
A2C61F0EAECF8C2D126FCF82828808B78291E582
BFA77719DCA9C4C92B38BD8A23C9DD751B82DB0F21620E6937C4F97AECC5536B
C:\Users\user\AppData\LocalLow\sF9O6f0cCdbK
false
CF7758A2FF4A94A5D589DEBAED38F82E
D3380E70D0CAEB9AD78D14DD970EA480E08232B8
6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
C:\Users\user\AppData\LocalLow\softokn3.dll
true
63A1FE06BE877497C4C2017CA0303537
F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
C:\Users\user\AppData\LocalLow\sqlite3.dll
true
DBF4F8DCEFB8056DC6BAE4B67FF810CE
BBAC1DD8A07C6069415C04B62747D794736D0689
47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
C:\Users\user\AppData\LocalLow\vcruntime140.dll
false
1B171F9A428C44ACF85F89989007C328
6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
C:\Users\user\AppData\LocalLow\y3enbS6322L5
false
5F02C426BCF0D3E3DC81F002F9125663
EA50920666E30250E4BE05194FA7B3F44967BE94
DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
7A57D8959BFD0B97B364F902ACD60F90
7033B83A6B8A6C05158BC2AD220D70F3E6F74C8F
47B441C2714A78F9CFDCB7E85A4DE77042B19A8C4FA561F435471B474B57A4C2
C:\Users\user\AppData\Local\Temp\CSC20F2306B39284E32B5AB6E9725E2189D.TMP
false
B23E822FCB2280FC53787BE26C18163B
FBDA16FC446A95DE0DDB21BDC69F30678AF5DAC8
CABCFA669295A1779A542F38FF6A76CC43C940FFAD3317456AF4236231C5F695
C:\Users\user\AppData\Local\Temp\CSCC9AB450BCFA441ED9B999D6FD5DE3822.TMP
false
B9AEF806F45AA0C6D284E2A2421C0CC6
38051152B3B1EA43FB5FCB2D85B1560B48671F2C
BE2BD68301CA169E03DE86236717261A3E833A7FA58F9FF4B0022FEA7EAABAC7
C:\Users\user\AppData\Local\Temp\RESF206.tmp
false
012752E0707EEA46244D2A05798469BD
84D6205C99ABB9A6FA293F3ABEDA5881B2865AFD
37F4A9B506425891FB112A3171B7615F13A4AE7B5E72C769D5C6C5D80461E349
C:\Users\user\AppData\Local\Temp\RESFF35.tmp
false
6004D6D1DBF9E34B11911B53D999E7B7
D1301E50B94EF471CF9FB5F1F5E58BC8FA77BE43
BC96317B8606758B4339A859B6D23D1D637B13985154F4396CD01122436CDC58
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_isg504bu.mfz.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jtb51wp4.4ti.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\jv54rgf4.0.cs
false
F31A91CB873D422F30E84BFC6F0E4919
87946E5B050BC8C66C9F04EBB9F82E210522D8EE
91AF8FC99B650C87F7C49FAA1E0499F673E034ED712EB62782CFACBDF8329F84
C:\Users\user\AppData\Local\Temp\jv54rgf4.cmdline
false
CEDF9E9F3A2A3C215558679951662714
9F13A483F9901BC70E5D20C27D6EB19F88627EB4
A5A29C126C76CA3368EA95AD028065535CA722E86B4A7718945DCE51E078C325
C:\Users\user\AppData\Local\Temp\jv54rgf4.dll
true
7B3E63D6CDA29303F535789C06198D8D
8467A1340E832594B5116DB7B5EEB7F4EBE68917
DC603F47562D27B66E88A73EEA4B10CFCBE1BA07C53508DE1E7AABC2AA4297DF
C:\Users\user\AppData\Local\Temp\jv54rgf4.out
false
C3D5A24028E511E72D81B8CFFE21D07E
7B0D74EBF27ACC3440F27B58D24B9FDF16423258
FA8F6FC4E52D0C3D12E844A4A0EFBA726546F11D9EE4C54145FDC08CD4B7A5D1
C:\Users\user\AppData\Local\Temp\mkr2iq4u.0.cs
false
19FD6F555AD7C58D574C00F46F087B02
025EC4778721F20FDBFF775EDD2351BAEA93846C
9D08DF39AD05BD4A53F416AB8EF6A2FCA313EB9A1498E451284B445BB1830DAC
C:\Users\user\AppData\Local\Temp\mkr2iq4u.cmdline
true
9D44648466A6B784F5AA001AC2025FB2
3C8B81F05C5B0956513016AF1C098415032F5667
28345583811D1583EAA1D3FE89F7E8485AAA2E4C099CE88F98630353F6F1A71C
C:\Users\user\AppData\Local\Temp\mkr2iq4u.dll
true
7BA8C53CC5B4150A2BC2D28BA4102BDA
181FA51732E44516EEB9CD2D4A3A05AD416FE9CE
1E081AAE64B70AE747FF3F079BEEEC2F402B4564BCBCF26EF1E0CCB0E5FA5173
C:\Users\user\AppData\Local\Temp\mkr2iq4u.out
false
4A6E94B438A239B7126E4BBE6EFB11EC
28A7A6EB1D7B48EBA10D04525AA9D24367759557
A578A3A2161F98340C9941BA6E9EA9AF88DF7BC1C250B35504415ACA18F63028
C:\Users\user\AppData\Roaming\XHSRZM23.exe
true
B7CE4F9F6ECD85BB5EDBB6964226FDB6
12B28A42E960DFC522348EBA37B00EA74A0DF527
BF5845A6B0DF356338CC4AE53DD2CDEFCB114BD95F351E55FD430CEE5408FFEB
188.127.227.51
45.8.158.104
31.31.198.19
qpdownloads.com
false
31.31.198.19
trackingg-protectioon.cdn1.mozilla.net
false
unknown
http://45.8.158.104/uploaded/7PEROc7T_2Fgr3AlFhC44I/HihA8yGOnHHyC/7qKpRjMK/_2BISfbG8Z1hpAn69C67v7h/gkKIfJKu9W/RfGqkB9ODhAT7t3c5/NgU9QmTJW10x/ljH6Rbwk6Te/NQKogNebUNXkBe/OP8YU_2BPfX7w7JRWnzlY/DYJ2tPBGUU9yVi7O/2UHx3wnrI8usjfi/mEy_2FvxgACU_2BVfF/k_2BhGhcG/DY4c1ymhU_2BCF0kWEYq/M0_2B_2F16h_2BgoOGF/9_2FtG_2F6BZfr3nq2A72O/TaGtamWcSmCx5/BKV7x7CGne61RjWS63/G.pct
false
45.8.158.104
https://duckduckgo.com/chrome_newtab
false
unknown
http://nuget.org/NuGet.exe
false
unknown
http://www.mozilla.com/en-US/blocklist/
false
unknown
https://duckduckgo.com/ac/?q=
false
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
false
unknown
http://pesterbdd.com/images/Pester.png
false
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
false
unknown
http://constitution.org/usdeclar.txtC:
false
unknown
https://contoso.com/License
false
unknown
https://contoso.com/Icon
false
unknown
https://search.yahoo.com?fr=crmas_sfpf
false
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
false
unknown
http://https://file://USER.ID%lu.exe/upd
false
unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
false
unknown
http://188.127.227.51/
true
188.127.227.51
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
false
unknown
https://github.com/Pester/Pester
false
unknown
http://188.127.227.51/49d6ec0cd113efb59453fa49c7f2abcd
true
188.127.227.51
http://45.8.158.104/uploaded/zbAczskpRoi/wpOTNz2ovPWOn_/2B_2FrKEtFFbUGtGX6UpM/aPAjWjIABTFmZnGA/TX3qf
false
unknown
https://www.vign.
false
unknown
https://ac.ecosia.org/autocomplete?q=
false
unknown
https://search.yahoo.com?fr=crmas_sfp
false
unknown
http://45.8.158.104/uploaded/Xac7t2mitXIgCMsf9BuB/MO0_2Fwxiby6n8I6o_2/FDgHHlLSuOuDkfbPQtCcKd/YlwrlyD
false
unknown
http://constitution.org/usdeclar.txt
false
unknown
http://45.8.158.104/uploaded/zbAczskpRoi/wpOTNz2ovPWOn_/2B_2FrKEtFFbUGtGX6UpM/aPAjWjIABTFmZnGA/TX3qfwxbX9aDBL1/IeT5piixzi8h4SRl9u/8_2B0Atg2/EH_2BuWU2tSI81tfObAy/vUlIlX4Ry5a2Lkg_2BA/WrsB69Jk6Nr0AfUnViCZgr/xOQsHH2r7bRf4/GbUKvAO_/2B_2BNCAwjUDjs1PnMfwFho/BSlcplWuk_/2ByFg1B7Jha7Qhk7w/kMamT9D_2B57/Uw_2B3UVmpC/BA7AL3JebG7W65/8MiRPWVyAeG2AtQC9YkgU/qP7k.pct
false
45.8.158.104
https://contoso.com/
false
unknown
https://nuget.org/nuget.exe
false
unknown
http://qpdownloads.com/10103.exe
false
31.31.198.19
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
http://trackingg-protectioon.cdn1.mozilla.net/uploaded/1nOLBbA4MMg8uH2db9T/AXce5fVRPsPAKOJdUYw5Yz/f6
false
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
false
unknown
http://45.8.158.104/uploaded/7PEROc7T_2Fgr3AlFhC44I/HihA8yGOnHHyC/7qKpRjMK/_2BISfbG8Z1hpAn69C67v7h/g
false
unknown
https://mozilla.org0
false
unknown
http://www.sqlite.org/copyright.html.
false
unknown
http://45.8.158.104/uploaded/Xac7t2mitXIgCMsf9BuB/MO0_2Fwxiby6n8I6o_2/FDgHHlLSuOuDkfbPQtCcKd/YlwrlyDXRc_2B/ixVyFqQK/k126u_2B_2Ba_2BruFx1_2F/jniVE8w7fc/bk1R9cvUDCNSr3LVX/6pZVXtyVf482/WFP0247XYM7/A2gUdzKCCOqwfV/Gv8pnlgo2_2FOJ3S2ifKR/bqy_2FBRKHq_2Fpg/Vdjwqlx7uWisr2l/fEIsbd32W_2FSgiOj7/dytSGoyJO/SSfkZcDtemeWWSjAjk_2/FpEHeBUMQUi3yJQSNuD/_2FtYwM7I7Bk/pKYwZ.pct
false
45.8.158.104
Hooks registry keys query functions (used to hide registry keys)
Writes or reads registry keys via WMI
Yara detected Ursnif
Found evasive API chain (may stop execution after checking system information)
Antivirus detection for URL or domain
Modifies the export address table of user mode modules (user mode EAT hooks)
Writes registry values via WMI
Antivirus detection for dropped file
Tries to harvest and steal browser information (history, passwords, etc)
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: Dot net compiler compiles file from suspicious location
Found API chain indicative of debugger detection
Modifies the prolog of user mode functions (user mode inline hooks)
Antivirus / Scanner detection for submitted sample
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Modifies the import address table of user mode modules (user mode IAT hooks)