36.0.0 Rainbow Opal
IR
730728
CloudBasic
08:28:49
26/10/2022
d2ef5.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
1d8a445bef0c0d4a7ec519f06c23224a
7dd349b8664ec7dbe769da64e1b324ae091a29e2
e807c46ba7cd53bf6900d1a8f32baba9a118410483faa68d51b233de738483e3
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
194.58.112.174
siwdmfkshsgw.com
true
194.58.112.174
trackingg-protectioon.cdn1.mozilla.net
false
unknown
https://www.reg.ru/web-sites/?utm_source=siwdmfkshsgw.com&utm_medium=parking&utm_campaign=s_land_cms
false
unknown
https://www.reg.ru/web-sites/website-builder/?utm_source=siwdmfkshsgw.com&utm_medium=parking&utm_cam
false
unknown
https://www.reg.ru/domain/new/?utm_source=siwdmfkshsgw.com&utm_medium=parking&utm_campaign=s_land_ne
false
unknown
https://reg.ru
false
unknown
https://www.reg.ru/support/ssl-sertifikaty/zakaz-ssl-sertifikata/Kak-zakazat-besplatny-SSL-sertifika
false
unknown
https://www.reg.ru/dedicated/?utm_source=siwdmfkshsgw.com&utm_medium=parking&utm_campaign=s_land_ser
false
unknown
https://www.reg.ru/whois/?check=&dname=siwdmfkshsgw.com&reg_source=parking_auto
false
unknown
https://parking.reg.ru/script/get_domain_data?domain_name=siwdmfkshsgw.com&rand=
false
unknown
https://www.reg.ru/hosting/?utm_source=siwdmfkshsgw.com&utm_medium=parking&utm_campaign=s_land_host&
false
unknown
Antivirus / Scanner detection for submitted sample
Found evasive API chain (may stop execution after checking system information)
Multi AV Scanner detection for submitted file
Writes or reads registry keys via WMI
Malicious sample detected (through community Yara rule)
Writes registry values via WMI
Found API chain indicative of debugger detection
Machine Learning detection for sample
Snort IDS alert for network traffic
Yara detected Ursnif