Joe Sandbox report summary

Sandbox version: 36.0.0 Rainbow Opal
IR
Analysis ID: 745057
Product: CloudBasic
Analysis time: 18:45:49
Analysis date: 13/11/2022
Sample name: DVvzRulsoR.dll
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
OS: WINDOWS
MD5: c9d4c1c3f8729727c29e257f612e019f
SHA1: 15dd4aedf9f79cabbc8c0b057f6a0f9437c9ede7
SHA256: 030eb0fa76d1329d836619c55778968fc664186642fbb16df30ec1be10396fc9
File type (TrID): Win64 Dynamic Link Library (generic) (102004/3) 86.43%
Verdict flags (malicious, suspicious, clean, unknown): true, false, false, false
Score: 84 (scale 0 to 100)
Confidence: 5 (scale 0 to 5)
Whitelisted flag: false
IP addresses listed in the report (49):

172.105.115.71
188.165.79.151
196.44.98.190
174.138.33.49
36.67.23.59
103.41.204.169
85.214.67.203
83.229.80.93
198.199.70.22
93.104.209.107
186.250.48.5
209.239.112.82
175.126.176.79
128.199.242.164
178.238.225.252
46.101.98.60
190.145.8.4
82.98.180.154
103.71.99.57
87.106.97.83
103.254.12.236
103.85.95.4
202.134.4.210
165.22.254.236
78.47.204.80
118.98.72.86
139.59.80.108
104.244.79.94
37.44.244.177
51.75.33.122
160.16.143.191
103.56.149.105
85.25.120.45
139.196.72.155
115.178.55.22
103.126.216.86
128.199.217.206
114.79.130.68
103.224.241.74
210.57.209.142
202.28.34.99
80.211.107.116
54.37.228.122
218.38.121.17
185.148.169.10
195.77.239.39
178.62.112.199
62.171.178.147
64.227.55.231
URLs listed in the report (URL, malicious flag, reputation):

https://172.105.115.71:8080/wwyvvucvxqws/mizawg/mkzlwgu/   false   unknown
https://172.105.115.71:8080/                                false   unknown
https://172.105.115.71:8080/wwyvvucvxqws/mizawg/mkzlwgu/s.dll   false   unknown
Signatures triggered:

Creates an autostart registry key pointing to binary in C:\Windows
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Snort IDS alert for network traffic
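The hashes, C2 URLs and IP list above are the indicators a responder would sweep for. The script below is an added example, not part of the sandbox report: it checks a byte blob against the report's three hashes and scans proxy-log lines for the report's C2 URLs and IPs. The log format (`timestamp client_ip method url status`), the sample log lines, and the "HTTPS to an IP literal on a non-443 port" heuristic are assumptions of the example; the IP set is a subset of the report's list and should be replaced with the full list in practice.

```python
"""Sweep bytes and proxy-log lines against the IOCs from the sandbox report above."""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Hashes of the submitted sample (DVvzRulsoR.dll), as listed in the report.
KNOWN_HASHES = {
    "md5": "c9d4c1c3f8729727c29e257f612e019f",
    "sha1": "15dd4aedf9f79cabbc8c0b057f6a0f9437c9ede7",
    "sha256": "030eb0fa76d1329d836619c55778968fc664186642fbb16df30ec1be10396fc9",
}

# C2 URLs from the malware configuration, as listed in the report.
C2_URLS = {
    "https://172.105.115.71:8080/",
    "https://172.105.115.71:8080/wwyvvucvxqws/mizawg/mkzlwgu/",
    "https://172.105.115.71:8080/wwyvvucvxqws/mizawg/mkzlwgu/s.dll",
}

# Subset of the IP addresses listed in the report; paste the full list here in practice.
C2_IPS = {
    "172.105.115.71", "188.165.79.151", "196.44.98.190", "174.138.33.49",
    "36.67.23.59", "103.41.204.169", "85.214.67.203", "83.229.80.93",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matching_hash_algorithms(data: bytes) -> list:
    """Names of the algorithms under which `data` matches the report's sample."""
    digests = hash_bytes(data)
    return [name for name in KNOWN_HASHES if digests[name] == KNOWN_HASHES[name]]


def classify_url(url: str) -> list:
    """Reasons a requested URL should be flagged; an empty list means no match."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reasons = []
    if url in C2_URLS:
        reasons.append("exact C2 URL from report")
    if host in C2_IPS:
        reasons.append("host is an IP listed in report")
    # Weak heuristic (assumption of this example, not from the report): HTTPS
    # straight to an IP literal on a port other than 443 matches the C2 pattern above.
    try:
        ipaddress.ip_address(host)
        if parsed.scheme == "https" and parsed.port not in (None, 443):
            reasons.append("heuristic: HTTPS to IP literal on non-standard port")
    except ValueError:
        pass  # hostname is not an IP literal
    return reasons


def scan_proxy_log(lines) -> list:
    """Return one hit dict per flagged line.

    Assumed line format: "<timestamp> <client_ip> <method> <url> <status>".
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, method, url, status = parts
        reasons = classify_url(url)
        if reasons:
            hits.append({"time": ts, "client": client, "method": method,
                         "url": url, "reasons": reasons})
    return hits


# Constructed sample log; the first two lines mimic the report's C2 URLs.
SAMPLE_PROXY_LOG = [
    "2022-11-13T18:46:02Z 10.0.0.15 CONNECT https://172.105.115.71:8080/ 200",
    "2022-11-13T18:46:03Z 10.0.0.15 POST https://172.105.115.71:8080/wwyvvucvxqws/mizawg/mkzlwgu/ 200",
    "2022-11-13T18:46:10Z 10.0.0.22 GET https://www.example.com/index.html 200",
    "2022-11-13T18:47:40Z 10.0.0.31 GET https://188.165.79.151/ 404",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit["time"], hit["client"], hit["url"], "; ".join(hit["reasons"]))
    print("hash match for b'test':", matching_hash_algorithms(b"test"))
```

Exact-URL and listed-IP matches are high confidence; the port heuristic is only there to surface traffic to C2 hosts that rotated paths, and should be reviewed rather than auto-blocked.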