31.0.0 Red Diamond
IR
319657
CloudBasic
14:24:04
18/11/2020
NXKfWP9SPF0XHRu.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 444332a61d888ac4f80db03b3c2129e9
SHA1: 5d518f814c09b15b35cd9ba5d20d0892bd8ef90b
SHA256: 611c893208d8bf06031da708a44ec749b89b069ad1e84c14625b02bccb4998a0
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\NXKfWP9SPF0XHRu.exe.log
true
MD5: C3EC08CD6BEA8576070D5A52B4B6D7D0
SHA1: 40B95253F98B3CC5953100C0E71DAC7915094A5A
SHA256: 28B314C3E5651414FD36B2A65B644A2A55F007A34A536BE17514E12CEE5A091B

C:\Users\user\AppData\Local\Temp\tmp10AA.tmp
true
MD5: FA36D3CC836AD8E1BADA121233E83614
SHA1: 0DE7C6F513638E8B5E51C10C120D72BE6597FE08
SHA256: 0B393495206B3678363CAAE0231816475DAB2549E90F3F0F4C604B87BB20CB52

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
MD5: E78B48E8D621A403BFAB625F1C92B04C
SHA1: E7A09F8F0B049DD57A0540A4AF40AF6A5D523676
SHA256: D898054E52D71F403A89EB5D4B16B2E5221320ADE9D664FA3C8D72FC25D3DF8B

C:\Users\user\AppData\Roaming\ynSazlVxDpCRe.exe
true
MD5: 444332A61D888AC4F80DB03B3C2129E9
SHA1: 5D518F814C09B15B35CD9BA5D20D0892BD8EF90B
SHA256: 611C893208D8BF06031DA708A44EC749B89B069AD1E84C14625B02BCCB4998A0
23.105.131.214
.NET source code contains potential unpacker
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Detected Nanocore RAT
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT