36.0.0 Rainbow Opal
IR
736951
CloudBasic
12:24:08
03/11/2022
P2SMn3jloH.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
0779f7b34e9079944427b8260b49c205
31f2cf1dc970fdfaf51b9aab2c9e0b9715fb53ec
5c7ff5f2993bdb60d15a567dfaef41dcd30875d6629f2775acdb190e01dcef87
Win32 Executable (generic) a (10002005/4) 99.83%
C:\Users\user\AppData\Roaming\utisvaa
C:\Users\user\AppData\Roaming\utisvaa:Zone.Identifier
187F488E27DB4AF347237FE461A079AD
6693BA299EC1881249D59262276A0D2CB21F8E64
255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign process
Yara detected SmokeLoader
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
System process connects to network (likely due to code injection or exploit)
Contains functionality to inject code into remote processes
Deletes itself after installation
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Checks if the current machine is a virtual machine (disk enumeration)