Joe Sandbox analysis report

Version: 36.0.0 Rainbow Opal
IR
Analysis ID: 726756
Product: CloudBasic
Start date and time: 20/10/2022 14:19:06
Sample file name: cVZ5IwmAMe.dll
Cookbook file name: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
Sample MD5: 17ddc738604a040176b85c80173c5090
Sample SHA1: 75db1976ccc16912d4f1d4fc68b8c8975ad39ac4
Sample SHA256: 4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba
File type: Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
Further flags and counters whose field names did not survive extraction, in report order: true, false, false, false, 100, 0, 100, 5, 0, 5, false
Dropped files

Eight Windows Error Reporting (WER) artifacts written when loaddll32.exe, the process that loaded the sample DLL, crashed: two AppCrash reports, each with a minidump, a WERInternalMetadata.xml and a report XML. The boolean column was extracted without its label and is false for every file.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_cca756cf3ca542105b493949e775f8b1db5ee_fe4ae974_158939b6\Report.wer
    flag: false
    MD5:    EBA0D915F4EF0CDE7B93C751A64B71A0
    SHA1:   D37844338EF4ED0A156B57E8A767439D8AB90D79
    SHA256: 39CFE32F1433760A7B186DA95D11944FF56452FBE3A36CFEA6A64B23C1E4EBA5

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_dc7d771a9db219da0c9c31413fa668d5ca41a6_fe4ae974_05552e4d\Report.wer
    flag: false
    MD5:    8E37D16D620E4EE20A28DAC5F5852321
    SHA1:   20181248C028EE61727247044BAFA22E91A6559D
    SHA256: 255674652B01552F8E32D4F1C71DA26B460C16F31C82B9C5BDC63E1E977C45F6

C:\ProgramData\Microsoft\Windows\WER\Temp\WER264E.tmp.dmp
    flag: false
    MD5:    1073AA02A4DF507608985A4A85A07216
    SHA1:   2DCFAAC6CB41BB242DED1C648194D542236488CC
    SHA256: B354323F2BC10EB484013010D8386E41D692A3E1AC884386BECAD929E4FD2702

C:\ProgramData\Microsoft\Windows\WER\Temp\WER27E5.tmp.WERInternalMetadata.xml
    flag: false
    MD5:    0E8D7BBC703BB5B35B2C53B75C916BA0
    SHA1:   D29311E81DF175126F6B6457A869548F94B207FD
    SHA256: 8C299703037216C1DE0D61C5B879C4663E8316DDBEDA0C21FF8401E52C251C20

C:\ProgramData\Microsoft\Windows\WER\Temp\WER28A1.tmp.xml
    flag: false
    MD5:    D428A8A7AE77C18BA300C2788B331565
    SHA1:   B06098EEAB0C2C6D23AA31CE467E5282EFD0CF26
    SHA256: 74D0633427398765B8F35DD4A134F1D0817084613FF040E76717E81F5B7446BC

C:\ProgramData\Microsoft\Windows\WER\Temp\WER33DA.tmp.dmp
    flag: false
    MD5:    570B4A65F1C03EEF65C5616FACCF3456
    SHA1:   6F6957D93401F9CDF8C15F9E3288A0B2438D19D7
    SHA256: B4C9E2345BDEE76E9071928131F3472DAE6280B858469208668120CF7DFE8E92

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3572.tmp.WERInternalMetadata.xml
    flag: false
    MD5:    01A46D4738076CA62CDC1D28C74685BE
    SHA1:   B26216E5B48E88E891F9CEA76E9C55C55AD117F9
    SHA256: 31A4642A9C2CD6A5D50222319081DDB285F34A0A7343A214FAACB69164FBEA50

C:\ProgramData\Microsoft\Windows\WER\Temp\WER363E.tmp.xml
    flag: false
    MD5:    EE6034CF18225466082F87E34F422984
    SHA1:   6C069D18AE2B5E2A38E2A2442E602183197CBD65
    SHA256: 303A098574CC0028B25AE503A6D0948F870C64F014613393B08530ACFF806F00
Contacted IP addresses

62.173.145.183
192.168.2.1 (RFC 1918 private address, local network)
31.41.44.194

Domains (boolean column extracted without its label; last column is the resolved IP)

l-0007.l-dc-msedge.net    true    13.107.43.16    (Microsoft msedge.net infrastructure)
linetwork.top             true    62.173.145.183
onlinetwork.top           true    31.41.44.194
URLs (boolean column extracted without its label; IP as recorded by the sandbox)

http://onlinetwork.top/
    true    unknown

http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs
    true    unknown    (prefix of the longer linetwork.top URL ending in 5q1FSK.jlk below)

http://onlinetwork.top/drew/5f_2BEDtM2CrlBj8hi85/PfpslRV80x6hEReBBsC/BgCJ3i1tejkKUVj0skPC_2/FG_2BjUb
    true    unknown

http://onlinetwork.top/drew/K_2FqA2xbKL/njlOSx6YZxCsC1/NFhl_2FKNwee1I_2FsyQo/3lkzkmpLRl6mAh0d/8NioTP
    true    unknown

http://linetwork.top/drew/KMMjqoTxziRlJvE/gNQPrvUPxqLNufKLCE/JH3UmHEB_/2B_2BzV_2BvfObx2f9w0/DgM6KzpzkFa0_2B2dRV/pBB0_2FnhSh3B1HrWQggbl/6yr_2BeHM7RhP/EQBdRd5n/WMFWEYQbNncplyS1nZxHquO/Dl0_2FZlCi/H7jS5UTDOVVAj0e_2/BP38A8joa9MI/uVE_2Fo3ECW/1FFJSef9MuZGr_/2B9LknlvHMlh3p6lHoAOu/HpoF5RbVarHLswoW/XhjcRNsVFN_2Faq/1QC22OwanscYLqlevC/p97ADQM6AS8_2FJi/nn82n.jlk
    true    62.173.145.183

http://linetwork.top/
    true    unknown

http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs/iuv6_2F2R2q/VU2O6EJ3EhI5uh/A5C2wRpZF_2FN6Skwj1uH/gsVRqmZs2mqIGO1d/sKRhOCfSSp3MAva/Mxxm2nqzKORinrbeZ3/z67oAItgn/k8VHFWexyUU_2FA_2BPV/QdcdTsvdt_2BKefM9G5/mT6M3zVj_2BfxHgfvoM1Vv/marhfTTPZdwKD/8RgEG4oq/f5httb_2BKiNQuEoUj_2FU4/qo0ljR4FNC0/5q1FSK.jlk
    true    62.173.145.183

http://linetwork.top/drew/09dgKs_2BbGAUCZtNDfinAe/OBR2Fkwyls/rLfOzEm8taaEOpdgP/DGmX0HEH0YWb/9UgQCY1OoBP/16pWsh4Cy9rMRa/0naMTlH4D0jWSBvaLUMCT/VzfvlLpo6FHUtlJQ/DtpBc7vmn8rOS4k/xe3M0wkxCK5Om9Qsrc/Fu1mpdzkb/E5_2FW9vtCbCxhM8q_2F/YFJvu0mL313E60i9bem/o9T05qm4K45Pkaydjzo9gZ/BS0FXjQKsPhWn/z4GNxY84/_2FhBQGZQz4I6Dv77YbEnq5/_2FeodcjVbE87q/b67.jlk
    true    62.173.145.183
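The three complete linetwork.top URLs above share one shape: a fixed first directory (drew), many path segments drawn from the base64 alphabet with the tokens _2B and _2F scattered through them, and a fixed extension (.jlk). The following Python example is added here for this page; it is not part of the Joe Sandbox report and not Ursnif code. It assumes, from public Ursnif/Gozi write-ups rather than from anything in this report, that the path is base64 ciphertext in which '+', '/' and '=' were rewritten as _2B, _2F and _3D (an underscore standing in for the '%' of URL encoding) and that '/' characters were then inserted at random positions to imitate a directory tree. Undoing that rewriting recovers the raw encrypted beacon: on the three complete URLs it yields 208 bytes each, a multiple of the 16-byte block size, which is the consistency check the triage heuristic below relies on. The key needed to decrypt the blob is not on this page, so the example stops at the ciphertext. The URL list is constructed from the report plus two control URLs.

```python
"""Recover the encrypted beacon payload from Ursnif-style C2 URLs.

Added example for this report, not Joe Sandbox code. Assumption taken from
public Ursnif/Gozi analyses (not stated in the report): the request path is
base64 ciphertext in which '+', '/', '=' were rewritten as '_2B', '_2F', '_3D'
and '/' was inserted at random positions to fake a directory tree; the first
path element ('drew' here) and the extension ('.jlk' here) are decoration.
"""
import base64
import binascii
import re
from urllib.parse import urlparse

# Constructed input: four URLs copied from the report (the first is the
# truncated entry the report records with IP 'unknown') and two controls.
REPORT_URLS = [
    "http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs",
    "http://linetwork.top/drew/KMMjqoTxziRlJvE/gNQPrvUPxqLNufKLCE/JH3UmHEB_/2B_2BzV_2BvfObx2f9w0/DgM6KzpzkFa0_2B2dRV/pBB0_2FnhSh3B1HrWQggbl/6yr_2BeHM7RhP/EQBdRd5n/WMFWEYQbNncplyS1nZxHquO/Dl0_2FZlCi/H7jS5UTDOVVAj0e_2/BP38A8joa9MI/uVE_2Fo3ECW/1FFJSef9MuZGr_/2B9LknlvHMlh3p6lHoAOu/HpoF5RbVarHLswoW/XhjcRNsVFN_2Faq/1QC22OwanscYLqlevC/p97ADQM6AS8_2FJi/nn82n.jlk",
    "http://linetwork.top/drew/0sQ7G5MK/K3A5th94SczU1K59UFfpeLh/J17DiVhkKW/LyhNewAspCDHUtEas/F0gRR_2BrzDs/iuv6_2F2R2q/VU2O6EJ3EhI5uh/A5C2wRpZF_2FN6Skwj1uH/gsVRqmZs2mqIGO1d/sKRhOCfSSp3MAva/Mxxm2nqzKORinrbeZ3/z67oAItgn/k8VHFWexyUU_2FA_2BPV/QdcdTsvdt_2BKefM9G5/mT6M3zVj_2BfxHgfvoM1Vv/marhfTTPZdwKD/8RgEG4oq/f5httb_2BKiNQuEoUj_2FU4/qo0ljR4FNC0/5q1FSK.jlk",
    "http://linetwork.top/drew/09dgKs_2BbGAUCZtNDfinAe/OBR2Fkwyls/rLfOzEm8taaEOpdgP/DGmX0HEH0YWb/9UgQCY1OoBP/16pWsh4Cy9rMRa/0naMTlH4D0jWSBvaLUMCT/VzfvlLpo6FHUtlJQ/DtpBc7vmn8rOS4k/xe3M0wkxCK5Om9Qsrc/Fu1mpdzkb/E5_2FW9vtCbCxhM8q_2F/YFJvu0mL313E60i9bem/o9T05qm4K45Pkaydjzo9gZ/BS0FXjQKsPhWn/z4GNxY84/_2FhBQGZQz4I6Dv77YbEnq5/_2FeodcjVbE87q/b67.jlk",
]
CONTROL_URLS = [
    "http://onlinetwork.top/",                                # root, no path
    "https://www.example.com/downloads/2022/10/report.pdf",   # ordinary download
]

# Order matters only in that each escape is three characters replaced by one;
# '_' never occurs in plain base64, so a leftover '_' marks a malformed path.
_ESCAPES = (("_2B", "+"), ("_2F", "/"), ("_3D", "="))
_B64_ALPHABET = re.compile(r"[A-Za-z0-9+/]*")


def _segments(url):
    return [p for p in urlparse(url).path.split("/") if p]


def recover_blob(url):
    """Return the raw ciphertext bytes carried by the URL path, or None.

    None means the path is not a complete encoded beacon: no directory
    decoration, no extension (a truncated string), stray characters, or a
    length no base64 string can have.
    """
    parts = _segments(url)
    if len(parts) < 2 or "." not in parts[-1]:
        return None
    parts[-1] = parts[-1].rsplit(".", 1)[0]          # drop '.jlk'
    encoded = "".join(parts[1:])                      # drop 'drew', undo fake '/'
    for escape, char in _ESCAPES:
        encoded = encoded.replace(escape, char)
    encoded = encoded.rstrip("=")
    if not _B64_ALPHABET.fullmatch(encoded) or len(encoded) % 4 == 1:
        return None
    encoded += "=" * (-len(encoded) % 4)             # restore stripped padding
    try:
        return base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return None


def looks_like_ursnif_beacon(url):
    """Triage heuristic, not a signature: a fake directory tree of at least
    three levels whose recovered payload is aligned to a 16-byte cipher block."""
    blob = recover_blob(url)
    return (len(_segments(url)) >= 3 and blob is not None
            and len(blob) >= 32 and len(blob) % 16 == 0)


def triage(urls):
    """Map each URL to its recovered payload length in bytes, or None."""
    out = {}
    for url in urls:
        blob = recover_blob(url)
        out[url] = None if blob is None else len(blob)
    return out


if __name__ == "__main__":
    for url, size in triage(REPORT_URLS + CONTROL_URLS).items():
        print(f"{size!s:>5}  beacon={looks_like_ursnif_beacon(url)}  {url[:60]}")
```

Note that the slashes have to be removed before the escapes are undone: in the second URL the report shows `JH3UmHEB_/2B_2BzV` and `1FFJSef9MuZGr_/2B9L`, where a fake slash landed inside an `_2B` token. Undoing the escapes first would leave a stray underscore and reject a genuine beacon.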
Triggered signatures

Found stalling execution ending in API Sleep call
Multi AV Scanner detection for submitted file
Writes or reads registry keys via WMI
Malicious sample detected (through community Yara rule)
Found API chain indicative of debugger detection
Yara detected Ursnif
Found evasive API chain (may stop execution after checking system information)
System process connects to network (likely due to code injection or exploit)
Writes registry values via WMI
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic