Joe Sandbox version: 37.0.0 Beryl
IR
Analysis ID: 827617
Product: CloudBasic
Start time: 07:21:06
Start date: 16/03/2023
Sample: server.exe
Cookbook: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture: WINDOWS
MD5: a4071382a33bb9fa55ff8bf8b111bc39
SHA1: 4eb7f936efe97a88aad9d38452829cd63a3624b2
SHA256: 04234564fe449d51f7e685455fcfafb3b7721a0b7d1551e3a370f579a3530e04
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.96%
Detection: malicious = true, suspicious = false, clean = false, unknown = false
Score: 100 (range 0 to 100)
Confidence: 5 (range 0 to 5)
Whitelisted: false
Contacted IPs: 5.44.43.17, 31.41.44.108
Contacted domain: checklist.skype.com

Contacted URLs (each shown with the two per-URL values the report gives for it, false and unknown; several entries are cut off in the report and are kept as extracted):
http://31.41.44.108/ows  (false, unknown)
http://31.41.44.108/drew/kSoLH6P3P3ScRZ8VG2/ZyGmCU1Si/Pg3By2fxJOOkAR8rwi0H/T_2F0osErSjTF4ug24E/qpC0b  (false, unknown)
http://5.44.43.17/  (false, unknown)
http://5.44.43.17/H  (false, unknown)
http://checklist.skype.com/drew/t0_2F8jI1aC786/3pDAJvqTmNvXKWVK8YEK3/dSLDX7_2Bak45Arz/NG3260JY92AIOa  (false, unknown)
http://31.41.44.108/  (false, unknown)
http://5.44.43.17/dows  (false, unknown)
http://5.44.43.17/drew/L2Ctnat9/M34_2FbYe0ZC9ndvN_2FGmY/27aAwtqf0J/wCDEgzGms_2BItZWy/3Y988SJvsZ8d/G3  (false, unknown)
http://31.41.  (false, unknown)
http://5.44.43.17/drew/L2Ctnat9/M34_2FbYe0ZC9ndvN_2FGmY/27aAwtqf0J/wCDEgzGms_2BItZWy/3Y988SJvsZ8d/G3blEZDMCSE/Bi4DBDrc6fsxs_/2B3aB3ncMi0pp47wsona_/2Bg3i_2FKiTRHGjN/oHTatVB82_2Bul8/TJX3dbVMmJ11Klc61D/Pyd9ldtz9/oHshYCyo8YOqEvONS9ad/fWHuvb04Djokj2GS9tP/hFDYxrH3WbHt3WZEGKZKd7/8Da2SdLCDRHMt/cExDArjC/xj0VJZ2pcmhn5qbmTarHUT8/nHF70Bsig92/tQ.jlk  (false, unknown)

5.44.43.17  (true)
Signatures (behaviour and detection):
Found evasive API chain (may stop execution after checking system information)
Multi AV Scanner detection for submitted file
Detected unpacking (changes PE section rights)
Writes or reads registry keys via WMI
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Writes registry values via WMI
Multi AV Scanner detection for domain / URL
Found API chain indicative of debugger detection
Machine Learning detection for sample
Snort IDS alert for network traffic
Yara detected Ursnif
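The contacted URLs above have the shape that public ISFB/Ursnif analyses describe for its C2 requests: a fixed first path segment, then one base64 blob chopped into fake directories, with "/" and "+" rewritten as _2F and _2B, padding stripped, and a random file extension such as .jlk appended. The following script is an added example, not part of the Joe Sandbox report. It copies the IP, domain and URL indicators from the report into a small triage helper that flags matching requests in proxy logs and, beyond exact IOC matching, recognises the encoding shape so that the same host pattern on an IP not in this report is still caught. The proxy log lines are constructed for the demo; the length and character-class thresholds in isfb_blob are my own heuristic choices, not values from the report. The decoded bytes are still ciphertext (ISFB encrypts before base64-encoding), so the decode step only confirms the structure.

```python
"""Triage helpers for the Ursnif/ISFB indicators in the sandbox report above.

Added example, not part of the Joe Sandbox report. IOC values are copied from
the report; the proxy log lines below are constructed for the demo.
"""
import base64
import re
from urllib.parse import urlsplit

# Network indicators exactly as listed in the report.
REPORT_IPS = {"5.44.43.17", "31.41.44.108"}
REPORT_DOMAINS = {"checklist.skype.com"}
REPORT_URLS = [
    "http://31.41.44.108/ows",
    "http://31.41.44.108/drew/kSoLH6P3P3ScRZ8VG2/ZyGmCU1Si/Pg3By2fxJOOkAR8rwi0H/T_2F0osErSjTF4ug24E/qpC0b",
    "http://5.44.43.17/",
    "http://5.44.43.17/H",
    "http://checklist.skype.com/drew/t0_2F8jI1aC786/3pDAJvqTmNvXKWVK8YEK3/dSLDX7_2Bak45Arz/NG3260JY92AIOa",
    "http://31.41.44.108/",
    "http://5.44.43.17/dows",
    "http://5.44.43.17/drew/L2Ctnat9/M34_2FbYe0ZC9ndvN_2FGmY/27aAwtqf0J/wCDEgzGms_2BItZWy/3Y988SJvsZ8d/G3",
    "http://5.44.43.17/drew/L2Ctnat9/M34_2FbYe0ZC9ndvN_2FGmY/27aAwtqf0J/wCDEgzGms_2BItZWy/3Y988SJvsZ8d/G3blEZDMCSE/Bi4DBDrc6fsxs_/2B3aB3ncMi0pp47wsona_/2Bg3i_2FKiTRHGjN/oHTatVB82_2Bul8/TJX3dbVMmJ11Klc61D/Pyd9ldtz9/oHshYCyo8YOqEvONS9ad/fWHuvb04Djokj2GS9tP/hFDYxrH3WbHt3WZEGKZKd7/8Da2SdLCDRHMt/cExDArjC/xj0VJZ2pcmhn5qbmTarHUT8/nHF70Bsig92/tQ.jlk",
]


def isfb_blob(url):
    """Return the re-joined, de-escaped base64 blob of an ISFB-style URL path,
    or None if the path does not look like one.

    Segments are joined BEFORE undoing _2F/_2B, because the malware inserts
    '/' at arbitrary positions and can split an escape across two segments
    (see the '...6fsxs_/2B3aB3...' pair in the report's .jlk URL). '_' is not
    in the base64 alphabet, so every '_' here is an escape character.
    Thresholds (>= 4 segments, >= 32 chars, mixed case plus digits) are
    heuristic assumptions chosen to reject ordinary paths such as
    /static/js/app/main.js.
    """
    segs = [s for s in urlsplit(url).path.split("/") if s]
    if len(segs) < 4 or not segs[0].isalpha():
        return None
    blob = re.sub(r"\.[A-Za-z0-9]{2,4}$", "", "".join(segs[1:]))  # drop fake extension
    if len(blob) < 32 or not re.fullmatch(r"[A-Za-z0-9_]+", blob):
        return None
    if not (re.search(r"[a-z]", blob) and re.search(r"[A-Z]", blob) and re.search(r"\d", blob)):
        return None
    return blob.replace("_2F", "/").replace("_2B", "+")


def decoded_blob(url):
    """Base64-decode the blob, restoring the padding ISFB strips. Returns None
    when the path is not ISFB-like or is truncated such that the base64 no
    longer decodes (several report URLs are cut off). The bytes returned are
    ciphertext and should be treated as opaque."""
    blob = isfb_blob(url)
    if blob is None:
        return None
    try:
        return base64.b64decode(blob + "=" * (-len(blob) % 4))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


# Constructed proxy log lines (not from the report): "client method url status".
# The last line uses an IP absent from the report to show pattern-based matching.
SAMPLE_PROXY_LOG = """\
10.0.0.7 GET http://checklist.skype.com/drew/t0_2F8jI1aC786/3pDAJvqTmNvXKWVK8YEK3/dSLDX7_2Bak45Arz/NG3260JY92AIOa 200
10.0.0.7 GET http://5.44.43.17/H 200
10.0.0.9 GET http://example.com/static/js/app/main.js 200
10.0.0.9 GET http://203.0.113.5/drew/AbC9x_2FkQ12ZZ/9mLpQ7_2BrT0sY/Wq3VnB8d/2zXcR5tY.jlk 200
"""


def scan_proxy_log(log_text):
    """Return one dict per flagged request, in log order, listing why it matched
    (known host IOC, known URL IOC, ISFB-style encoded path)."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, url = parts[0], parts[2]
        host = urlsplit(url).hostname or ""
        reasons = []
        if host in REPORT_IPS or host in REPORT_DOMAINS:
            reasons.append("host in report IOCs")
        if url in REPORT_URLS:
            reasons.append("url in report IOCs")
        blob = isfb_blob(url)
        if blob:
            reasons.append("ISFB-style encoded path")
        if reasons:
            hits.append({"client": client, "url": url, "reasons": reasons, "blob": blob})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit["client"], hit["url"][:60], hit["reasons"])
    raw = decoded_blob(REPORT_URLS[-1])
    print("decoded .jlk blob:", len(raw), "bytes of ciphertext")
```

Exact IOC matching alone would miss the fourth log line, which reuses the encoding on a host this report never saw; the shape check catches it. Do not try to interpret the decoded bytes as text: without the sample's key they are ciphertext, and the truncated report URLs (for example the /drew/.../G3 entry) decode to None because their base64 is incomplete.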