Joe Sandbox version: 37.0.0 Beryl
IR
Analysis ID: 826967
Product: CloudBasic
Start time: 12:30:25
Start date: 15/03/2023
Sample file name: marzo.txt.url
Cookbook: defaultwindowsinteractivecookbook.jbs
Analysis system: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Platform: WINDOWS
Sample MD5: d8dc17b22192b297073d5749a7b49966
Sample SHA1: 606fd516fb85a0fbaa3a2b7ea92feffd5ae41b99
Sample SHA256: f7b7f524138f10ad3b0d8145997db4ee5c90e7d8f76281cfc4a32bc427833236
File type: Windows URL shortcut (11001/1) 91.66%
true
false
false
false
88
0
100
5
0
5
false
Dropped files (each entry: path, a boolean flag as recorded in the report, MD5, SHA1, SHA256):

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20230315T1230440507-6104.etl
false
MD5: B8BA6B7187B954175903A42227D0D074
SHA1: C8CCE7F52C0AE82D5491D8068898F84D61BE72CD
SHA256: 3FC29469CA7B7E2D992FE4F773E31E961D7A0138034CD4B354A20F099C084015

C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.xml
false
MD5: 05C75784B643BF3D900ECA7142449F49
SHA1: 2763DC3D4C243EF1E7BDB54EBAEC3DF3DE9D5B5D
SHA256: 7290D05C07B3DDF1189C8CF30E64122E03DF51C2A8332FAF1060100CF8932D70

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
false
MD5: C9175FCB9AE1728759F63A4951D61701
SHA1: 37359EAF4FFA4370EC46323C90EF327ABB282F76
SHA256: CEBF4CEA7D9A7C055FB38C9EAE31A136A701CC5727D472D13C29F2C3BD0AF368
Contacted IPs: 5.44.43.17, 192.229.221.95
Contacted domain: checklist.skype.com

URLs (each entry: a boolean flag and a reputation value as recorded in the report, then the URL):
false, unknown: http://5.44.43.17/
false, unknown: http://5.44.43.17/drew/ZSasVN0fLMcptc05TEVCa/mWgPW7Eo_2Fhz8Y6/Fz7ovUnPPN6ieZv/4FY_2FkRwgHKarRxmu/cK8
false, unknown: http://5.44.43.17/~
false, unknown: http://5.44.43.17/b2c5-fe065076e0a1
false, unknown: http://checklist.skype.com/drew/XaKJ910OZ6OkzOiEp1j_2/BGdUIBHp_2FM8Z2X/fEGunvRWGFrRGJ9/FM827N5CFAo37
false, unknown: http://checklist.skype.com/drew/p8a6EJ5vt4U/NrIUl_2BZrXy6_/2BoMtuVkg7FYSQnXs7vFZ/T_2BtMhNb_2F_2Bq/Vr
false
unknown
Signatures:
Writes or reads registry keys via WMI
Malicious sample detected (through community Yara rule)
Yara detected Ursnif
Found malicious URL file
Detected unpacking (changes PE section rights)
Writes registry values via WMI
Snort IDS alert for network traffic
Opens network shares
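The network section of the report above is the part a responder reuses first. The script below is an added example, not part of the Joe Sandbox report, showing how to turn those indicators into a proxy-log check. It copies the sample SHA256, the IPs, the domain and the URLs from the report verbatim; everything else is an assumption: the proxy-log format is constructed for the example, checklist.skype.com and 192.229.221.95 are treated as weak indicators because a well-known hostname (and the address it is assumed here to have resolved to) also appears in benign traffic, and the path regex generalises from the three /drew/ URLs on the page (base64-looking segments with _2F and _2B where "/" and "+" would be) rather than matching only the exact strings the sandbox recorded.

```python
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report on this page.
SAMPLE_SHA256 = "f7b7f524138f10ad3b0d8145997db4ee5c90e7d8f76281cfc4a32bc427833236"
STRONG_IPS = {"5.44.43.17"}
# Assumption: the skype.com hostname is a legitimate Microsoft name and the second IP
# is the address it resolved to, so both are kept as weak indicators that only count
# alongside a strong one (otherwise they would flag benign traffic).
WEAK_IPS = {"192.229.221.95"}
WEAK_DOMAINS = {"checklist.skype.com"}
REPORT_URLS = {
    "http://5.44.43.17/",
    "http://5.44.43.17/drew/ZSasVN0fLMcptc05TEVCa/mWgPW7Eo_2Fhz8Y6/Fz7ovUnPPN6ieZv/4FY_2FkRwgHKarRxmu/cK8",
    "http://5.44.43.17/~",
    "http://5.44.43.17/b2c5-fe065076e0a1",
    "http://checklist.skype.com/drew/XaKJ910OZ6OkzOiEp1j_2/BGdUIBHp_2FM8Z2X/fEGunvRWGFrRGJ9/FM827N5CFAo37",
    "http://checklist.skype.com/drew/p8a6EJ5vt4U/NrIUl_2BZrXy6_/2BoMtuVkg7FYSQnXs7vFZ/T_2BtMhNb_2F_2Bq/Vr",
}

# Generalisation (assumption, not stated by the report): every beacon URL on the page
# has the shape /drew/<segments> where the segments look like base64 with "/" written
# as _2F and "+" as _2B. Match that shape so paths the sandbox never saw are caught too.
BEACON_PATH_RE = re.compile(r"^/drew/(?=.*_2[FB])[A-Za-z0-9_/]+$")

# Constructed proxy-log lines for the example: ts client server method url status.
SAMPLE_PROXY_LOG = [
    "2023-03-15T12:31:02Z 10.0.0.15 5.44.43.17 GET http://5.44.43.17/b2c5-fe065076e0a1 200",
    "2023-03-15T12:31:09Z 10.0.0.15 192.229.221.95 GET http://checklist.skype.com/drew/Q1w_2Fabc/x_2Byz/9 404",
    "2023-03-15T12:40:00Z 10.0.0.22 192.229.221.95 GET http://checklist.skype.com/ 200",
    "2023-03-15T12:41:11Z 10.0.0.22 93.184.216.34 GET http://www.example.com/drew/plain 200",
]


def parse_proxy_line(line):
    """Split one constructed proxy-log line into its six whitespace-separated fields."""
    ts, client, server, method, url, status = line.split()
    return {"ts": ts, "client": client, "server": server,
            "method": method, "url": url, "status": int(status)}


def match_record(rec):
    """Return (strong, weak) lists of reasons a record matches the report's indicators."""
    strong, weak = [], []
    parts = urlsplit(rec["url"])
    if rec["server"] in STRONG_IPS:
        strong.append("dest-ip " + rec["server"])
    if rec["url"] in REPORT_URLS:
        strong.append("url-exact")
    if BEACON_PATH_RE.match(parts.path):
        strong.append("beacon-path-shape")
    if rec["server"] in WEAK_IPS:
        weak.append("dest-ip " + rec["server"] + " (assumed CDN)")
    if parts.hostname in WEAK_DOMAINS:
        weak.append("domain " + parts.hostname)
    return strong, weak


def scan(lines):
    """Return (url, strong_reasons, weak_reasons) for every line with a strong match.

    Weak-only matches are deliberately not reported: the legitimate hostname on its
    own is not evidence of the sample's traffic.
    """
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        strong, weak = match_record(rec)
        if strong:
            hits.append((rec["url"], strong, weak))
    return hits


def beacon_shaped_report_urls():
    """Sanity check: which of the report's own URLs the generalised regex covers."""
    return [u for u in REPORT_URLS if BEACON_PATH_RE.match(urlsplit(u).path)]


def is_known_sample(sha256_hex):
    """Case-insensitive comparison against the report's sample SHA256."""
    return sha256_hex.lower() == SAMPLE_SHA256


if __name__ == "__main__":
    for url, strong, weak in scan(SAMPLE_PROXY_LOG):
        print(url, "strong:", strong, "weak:", weak)
```

Running it reports the direct request to 5.44.43.17 (destination IP and exact URL from the report) and the unseen /drew/ path on checklist.skype.com (path shape plus the two weak corroborating indicators); the bare request to checklist.skype.com/ and the /drew/plain path on an unrelated host are not reported.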