Joe Sandbox analysis report
Joe Sandbox version: 36.0.0 Rainbow Opal
Report type: IR
Analysis ID: 756155
Product: CloudBasic
Start time: 18:23:06
Start date: 29/11/2022
Sample file name: 0321423605241625.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: edb1382c354ec6c09c53473e5335703a
SHA1: a1a5fbfce034731cba1072bab6b97b26c8a90c79
SHA256: c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.38%
Detection values as exported, in order: true, false, false, false, 100, 0, 100, 5, 0, 5, false (the numeric values are a score of 100 on a 0 to 100 scale and a confidence of 5 on a 0 to 5 scale)
Dropped files (path, malicious flag, MD5, SHA1, SHA256)

C:\Users\Public\Libraries\Mwqrxeuz
Malicious: false
MD5: A4230DEF1381688D96A42C48723B6FB4
SHA1: DAC39DC194EB7525BE189B5BE47E7B3A70E8DF0B
SHA256: C3F4FA12B0F5A069BD9CEF7EE09AEEE8DADB2199A3A0F05009E068C0CC0CB3F8
(same hashes as the INetCache file Mwqrxeuzvim[1] below, i.e. the same content written to a second location)

C:\Users\Public\Libraries\Mwqrxeuz.exe
Malicious: true
MD5: EDB1382C354EC6C09C53473E5335703A
SHA1: A1A5FBFCE034731CBA1072BAB6B97B26C8A90C79
SHA256: C2C6EEC67A1561C3A49179DDF756480876D92588C2E83D64246A04C3D724CB3D
(identical hashes to the submitted sample 0321423605241625.exe: this is a copy of the sample itself)

C:\Users\Public\Libraries\Mwqrxeuz.exe:Zone.Identifier
Malicious: true
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
(Zone.Identifier alternate data stream, the mark-of-the-web, attached to the copy above)

C:\Users\Public\Libraries\zuexrqwM.url
Malicious: false
MD5: 7DDCB7FA3CEA8198D5ADEBF8F7797F74
SHA1: 4552A0DFE75A7CF4875DDB3575800AE137F88E04
SHA256: 7E678198AFD5C53ADDBD2133245E72EBF9D6885F20496F5ACAEF2CF56C54856D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Mwqrxeuzvim[1]
Malicious: false
MD5: A4230DEF1381688D96A42C48723B6FB4
SHA1: DAC39DC194EB7525BE189B5BE47E7B3A70E8DF0B
SHA256: C3F4FA12B0F5A069BD9CEF7EE09AEEE8DADB2199A3A0F05009E068C0CC0CB3F8
(Internet Explorer cache copy; the file name matches the last path segment of the ppqfqw.ph.files.1drv.com download URL in the URL list)
Contacted domains (name, malicious flag, resolved IP; "unknown" where the export carries no IP). The export starts with a bare IP value, 13.107.43.12, whose domain line is not present; the pairing below follows the name, flag, IP order the rest of the rows use (l-0003.l-dc-msedge.net to 13.107.43.12 and shops.myshopify.com to 23.227.38.74 are the anchors).

13.107.43.12 (IP value with no domain line in the export)
www.kuechenpruefer.com  malicious: true  IP: 217.160.0.95
librairie-adrienne.com  malicious: true  IP: 192.0.78.141
l-0003.l-dc-msedge.net  malicious: false  IP: 13.107.43.12
www.customapronsnow.com  malicious: true  IP: 52.85.92.84
shops.myshopify.com  malicious: false  IP: 23.227.38.74
www.thecuratedpour.com  malicious: true  IP: unknown
onedrive.live.com  malicious: false  IP: unknown
www.segurofunerarioar.com  malicious: true  IP: unknown
www.librairie-adrienne.com  malicious: true  IP: unknown
ppqfqw.ph.files.1drv.com  malicious: false  IP: unknown
www.rematedeldia.com  malicious: true  IP: unknown
www.rematedeldia.com/euv4/  malicious: true  (path-bearing entry listed with the domains; no IP value in the export)
URLs (URL, malicious flag, resolved IP; "unknown" where the export carries no IP). Several entries are partial strings and are kept exactly as exported.

https://ppqfqw.ph.files.1drv.com/y4mcSg4TVpIg-eA6Y1ciUp4Dzz62AcO4SwOj-306Rp8dovP_vJs6bBF8upLxcpz7eVd  malicious: false  IP: unknown
http://www.autoitscript.com/autoit3/J  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/U0  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/  malicious: false  IP: unknown
https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PRESPN2npo  malicious: false  (no IP value in the export)
https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PR  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/_  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3rlGujQmh2dpM-9vT8IEOnYjevggDBPg3L6krVTX5rpZ6Y9fWqq7mXN8HP0HSdlr6-fMy35G8DvzJqxvSasnXVIJpB-5dNG-tdgdNk_U_XYoTZ1ccJrC1sgInwIFqmsOi4T1bkt9-CIDRF_pvQqcEQA/Mwqrxeuzvim?download&psid=1  malicious: false  IP: 13.107.43.12
(the last path segment, Mwqrxeuzvim, matches the INetCache file Mwqrxeuzvim[1] in the dropped files list)
https://onedrive.live.com/  malicious: false  IP: unknown
https://ppqfqw.ph.files.1drv.com/s  malicious: false  IP: unknown
Signatures

Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Antivirus / Scanner detection for submitted sample
Yara detected DBatLoader
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Creates a thread in another existing process (thread injection)
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
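The report mixes indicators worth acting on (the drop directory, the sample's hashes, the domains flagged malicious) with benign infrastructure that must not end up on a blocklist (OneDrive, msedge.net, Shopify). The following Python script is an added triage example, not part of the Joe Sandbox report and not Joe Sandbox code. It embeds the SHA-256 values, dropped-file paths and domain flags copied from the report, derives the hash relationships between the dropped files and the sample, builds a blocklist that honours the malicious flag, and runs a small matcher over constructed endpoint events. The event records at the end, and their field names (type, path, sha256, query), are constructed for the demo and are not any real EDR schema.

```python
"""Triage helper built from the Joe Sandbox report above (added example)."""
from collections import defaultdict

# Submitted sample, from the report.
SAMPLE = {
    "name": "0321423605241625.exe",
    "sha256": "c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d",
}

# Dropped files: (path, malicious flag, SHA-256), copied from the report (lower-cased).
DROPPED = [
    (r"C:\Users\Public\Libraries\Mwqrxeuz", False,
     "c3f4fa12b0f5a069bd9cef7ee09aeee8dadb2199a3a0f05009e068c0cc0cb3f8"),
    (r"C:\Users\Public\Libraries\Mwqrxeuz.exe", True,
     "c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d"),
    (r"C:\Users\Public\Libraries\Mwqrxeuz.exe:Zone.Identifier", True,
     "255a65d30841ab4082bd9d0eea79d49c5ee88f56136157d8d6156aef11c12309"),
    (r"C:\Users\Public\Libraries\zuexrqwM.url", False,
     "7e678198afd5c53addbd2133245e72ebf9d6885f20496f5acaef2cf56c54856d"),
    (r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Mwqrxeuzvim[1]", False,
     "c3f4fa12b0f5a069bd9cef7ee09aeee8dadb2199a3a0f05009e068c0cc0cb3f8"),
]

# Contacted domains with the report's malicious flag. The flag matters: the same
# table lists OneDrive, msedge.net and Shopify hosts that must not be blocked.
DOMAINS = {
    "www.kuechenpruefer.com": True,
    "librairie-adrienne.com": True,
    "l-0003.l-dc-msedge.net": False,
    "www.customapronsnow.com": True,
    "shops.myshopify.com": False,
    "www.thecuratedpour.com": True,
    "onedrive.live.com": False,
    "www.segurofunerarioar.com": True,
    "www.librairie-adrienne.com": True,
    "ppqfqw.ph.files.1drv.com": False,
    "www.rematedeldia.com": True,
}

# Directory every dropped artefact except the IE cache copy landed in (from the report).
DROP_DIR = "c:\\users\\public\\libraries\\"


def hash_relationships(sample, dropped):
    """Group dropped files by SHA-256 and relate them to the submitted sample.

    Returns (self_copies, identical_groups): paths whose hash equals the sample
    (the sample wrote a copy of itself) and groups of dropped paths that share
    a hash with each other (the same payload stored in two places)."""
    by_hash = defaultdict(list)
    for path, _flag, sha in dropped:
        by_hash[sha].append(path)
    self_copies = by_hash.get(sample["sha256"], [])
    identical = [paths for sha, paths in by_hash.items()
                 if len(paths) > 1 and sha != sample["sha256"]]
    return self_copies, identical


def blocklist(domains):
    """Only the domains the report marks malicious; shared cloud hosts stay out."""
    return sorted(name for name, bad in domains.items() if bad)


def match_events(events):
    """Return (event_index, reason) for each constructed event that matches a
    report indicator or the drop-directory behaviour the report shows."""
    known_hashes = {sha for _p, _f, sha in DROPPED} | {SAMPLE["sha256"]}
    bad_domains = set(blocklist(DOMAINS))
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "FileCreate":
            path = ev["path"].lower()
            if ev.get("sha256", "").lower() in known_hashes:
                hits.append((i, "known hash"))
            elif path.startswith(DROP_DIR) and path.endswith((".exe", ".url")):
                hits.append((i, "executable or .url dropped under C:\\Users\\Public\\Libraries"))
        elif ev["type"] == "DnsQuery":
            # Domains the report flags as benign are deliberately not matched.
            if ev["query"].lower() in bad_domains:
                hits.append((i, "malicious domain"))
    return hits


# Constructed telemetry for the demo; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "FileCreate", "path": r"C:\Users\Public\Libraries\Other.exe"},
    {"type": "FileCreate", "path": r"C:\Users\user\Downloads\x.bin",
     "sha256": "C2C6EEC67A1561C3A49179DDF756480876D92588C2E83D64246A04C3D724CB3D"},
    {"type": "DnsQuery", "query": "onedrive.live.com"},
    {"type": "DnsQuery", "query": "www.rematedeldia.com"},
    {"type": "FileCreate", "path": r"C:\Users\Public\Libraries\notes.txt"},
]

if __name__ == "__main__":
    copies, groups = hash_relationships(SAMPLE, DROPPED)
    print("self-copies of the sample:", copies)
    print("dropped files with identical content:", groups)
    print("blocklist:", blocklist(DOMAINS))
    for idx, why in match_events(SAMPLE_EVENTS):
        print(idx, why, SAMPLE_EVENTS[idx])
```

Two design points: hashes are compared case-insensitively because the report itself prints the sample hashes in lower case and the dropped-file hashes in upper case, and the DNS rule consults only the flagged-malicious subset, so the OneDrive lookup in the constructed events produces no hit even though onedrive.live.com appears in the report.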