31.0.0 Red Diamond
IR
321402
CloudBasic
15:28:10
21/11/2020
Package_details.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: ce3c5367fb067a45f5fa10c35ca23a28
SHA1: 9d0f4d746747a6fd13a48b1a867eb8d103d9daec
SHA256: e4fc20492ed4f4750766382f6578d84f38bf680646eb6b5193c5733925941f67
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
Dropped files (path, malicious flag):
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe (malicious: true)
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier (malicious: true)
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Package_details.exe.log (malicious: true)
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log (malicious: true)
C:\Users\user\AppData\Local\Temp\3b53dd4f8dbc40fcb4ebf67bcf9e21d3.xml (malicious: true)
C:\Users\user\AppData\Local\Temp\AppData\sysfonts.exe (malicious: true)
C:\Users\user\AppData\Local\Temp\tmp30A7.tmp (malicious: true)
C:\Users\user\AppData\Local\Temp\tmp33C5.tmp (malicious: false)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat (malicious: false)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat (malicious: true)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin (malicious: false)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat (malicious: false)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat (malicious: false)
209.159.151.5
.NET source code contains potential unpacker
Connects to many ports of the same IP (likely port scanning)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Uses schtasks.exe or at.exe to add and modify task schedules
Detected Nanocore Rat
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT