
wzkp8c4Z3F.exe

Status: finished
Submission Time: 2022-09-23 08:22:12 +02:00
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • exe
  • NanoCore
  • RAT

Details

  • Analysis ID:
    708261
  • API (Web) ID:
    1075719
  • Analysis Started:
    2022-09-23 08:25:08 +02:00
  • Analysis Finished:
    2022-09-23 08:37:21 +02:00
  • MD5:
    c143cac623fbf082adedd43cad691a69
  • SHA1:
    62bd3d43d6e897922cf557d4e40f7d6d9035a4bf
  • SHA256:
    3a542858ddb263f3b60a1c7340d508e7f392443e9ee8521d0c9e4a8289173fdf
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
27/72

malicious
12/39

malicious

IPs (IP, Country, Detection)

  • 79.110.62.187
    Germany

Domains (Name, IP, Detection)

  • jasonbourne.bounceme.net
    79.110.62.187

URLs (Name, Detection)

  • 127.0.0.1
  • jasonbourne.bounceme.net
  • http://www.sakkal.com-e0$

Dropped files (Name, File Type, Hashes, Detection)

  • C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wzkp8c4Z3F.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpDBD9.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
    Non-ISO extended-ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpF6C5.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bak
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
    ASCII text, with no line terminators