Joe Sandbox Version: 31.0.0 Red Diamond
IR
Analysis ID: 321423
Joe Sandbox Product: CloudBasic
Start time: 00:39:15
Start date: 22/11/2020
Sample file name: z2d6Yt5v.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
Sample MD5: 9bb6d4f72a348ad47cc97185604f4dd9
Sample SHA1: 7384957e8a29f517654fcbd905861574e772d3ed
Sample SHA-256: 0a170ca414d288bc25ebb5ce92ccd51ff0f62b1479d669172194bf0067601df1
File type: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
true
false
false
false
100
0
100
5
0
5
false
Created / dropped files (hashes as reported; the true/false value is the report's per-file malicious flag):

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Core Service.exe.log
  Malicious flag: false
  MD5: 80EFBEC081D7836D240503C4C9465FEC
  SHA1: 6AF398E08A359457083727BAF296445030A55AC3
  SHA-256: C73F730EB5E05D15FAD6BE10AB51FE4D8A80B5E88B89D8BC80CC1DF09ACE1523

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\z2d6Yt5v.exe.log
  Malicious flag: true
  MD5: 80EFBEC081D7836D240503C4C9465FEC
  SHA1: 6AF398E08A359457083727BAF296445030A55AC3
  SHA-256: C73F730EB5E05D15FAD6BE10AB51FE4D8A80B5E88B89D8BC80CC1DF09ACE1523
  (Same hashes as the Core Service.exe.log entry above. Both are CLR usage logs that the .NET runtime writes for a managed executable it has run under the 32-bit CLR 2.0, so the Core Service.exe entry shows the dropped copy was executed, not merely written.)

C:\Users\user\AppData\Local\Temp\Core Service.exe
  Malicious flag: true
  MD5: 9BB6D4F72A348AD47CC97185604F4DD9
  SHA1: 7384957E8A29F517654FCBD905861574E772D3ED
  SHA-256: 0A170CA414D288BC25EBB5CE92CCD51FF0F62B1479D669172194BF0067601DF1
  (Identical to the submitted sample: the sample copies itself unchanged, so the sample's hashes also cover this file.)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af48625ee196d906557ab2d838a9cc2f.exe
  Malicious flag: true
  MD5: 9BB6D4F72A348AD47CC97185604F4DD9
  SHA1: 7384957E8A29F517654FCBD905861574E772D3ED
  SHA-256: 0A170CA414D288BC25EBB5CE92CCD51FF0F62B1479D669172194BF0067601DF1
  (Identical to the submitted sample; this Startup-folder copy is the persistence behind the "Drops PE files to the startup folder" signature.)

\Device\ConDrv
  Malicious flag: false
  MD5: 689E2126A85BF55121488295EE068FA1
  SHA1: 09BAAA253A49D80C18326DFBCA106551EBF22DD6
  SHA-256: D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
Network indicators:

Contacted IP: 81.249.236.18
Domain: noiphack93.hopto.org
  Resolved IP: 81.249.236.18
  Flag as reported: false

hopto.org is a No-IP dynamic DNS domain, so the hostname is the durable command-and-control indicator; the IP it resolved to at analysis time can change and should be treated as a point-in-time observation rather than a stable IOC.
Signatures:

- .NET source code contains potential unpacker
- .NET source code references suspicious native API functions
- Contains functionality to log keystrokes (.Net Source)
- Creates autostart registry keys with suspicious names
- Drops PE files to the startup folder
- Machine Learning detection for dropped file
- Machine Learning detection for sample
- Modifies the windows firewall
- Uses netsh to modify the Windows network and firewall settings
- Antivirus / Scanner detection for submitted sample
- Antivirus detection for dropped file
- Detected njRat
- Malicious sample detected (through community Yara rule)
- Multi AV Scanner detection for dropped file
- Multi AV Scanner detection for submitted file
- Yara detected Njrat
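The indicators above (sample hashes, the dropped copies, the Startup-folder drop, the netsh firewall change and the dynamic DNS C2) are the kind of thing a responder turns into a hunt across endpoint telemetry. The following is an added example, not Joe Sandbox output or code from the report: it matches normalised events against those indicators and flags the two behaviours the signatures name. The Event schema, the netsh command-line forms it looks for (the report does not show the exact command line njRAT ran) and the CONSTRUCTED_EVENTS list are assumptions made for illustration; only the hashes, paths, domain and IP are taken from the report.

```python
"""IOC and behaviour matching for the njRAT indicators reported above.

Added example; not Joe Sandbox output. The Event schema, the netsh patterns and
the CONSTRUCTED_EVENTS list are assumptions; hashes, paths, domain and IP come
from the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Indicators copied from the report. Hashes are matched case-insensitively because
# the report prints the sample's hashes in lower case and the dropped copies' in upper case.
SAMPLE_MD5 = "9bb6d4f72a348ad47cc97185604f4dd9"
SAMPLE_SHA256 = "0a170ca414d288bc25ebb5ce92ccd51ff0f62b1479d669172194bf0067601df1"
KNOWN_HASHES = {SAMPLE_MD5, SAMPLE_SHA256}
C2_DOMAIN = "noiphack93.hopto.org"   # dynamic DNS name: the durable indicator
C2_IP = "81.249.236.18"              # resolved at analysis time; may rotate

# A PE written to the per-user Startup folder ("Drops PE files to the startup folder").
STARTUP_PE_RE = re.compile(
    r"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$",
    re.I)

# netsh invocations that change firewall state ("Uses netsh to modify the Windows
# network and firewall settings"). Assumption: the report does not show the exact
# command line, so both the legacy "netsh firewall" and the "advfirewall" forms are
# covered, with an optional quoted path to netsh.exe in front.
NETSH_FW_RE = re.compile(
    r'^(?:"?[^"\s]*[\\/])?netsh(?:\.exe)?"?\s+'
    r'(?:firewall\s+(?:add|set)\s+allowedprogram|advfirewall\s+firewall\s+(?:add|set)\s+rule)\b',
    re.I)


@dataclass
class Event:
    """One normalised telemetry record (assumed schema, not a sandbox format)."""
    kind: str            # "file", "process", "dns" or "connect"
    path: str = ""       # file path written (kind == "file")
    md5: str = ""        # hashes of the written file, if the sensor supplies them
    sha256: str = ""
    cmdline: str = ""    # full command line (kind == "process")
    query: str = ""      # name looked up (kind == "dns")
    dst_ip: str = ""     # destination address (kind == "connect")


def hash_matches(ev: Event) -> bool:
    """True when either supplied hash equals the submitted sample's hash."""
    return ev.md5.lower() in KNOWN_HASHES or ev.sha256.lower() in KNOWN_HASHES


def classify(ev: Event) -> List[str]:
    """Names of every indicator a single event matches (empty list if benign)."""
    hits: List[str] = []
    if ev.kind == "file":
        if hash_matches(ev):
            hits.append("known_sample_hash")
        if STARTUP_PE_RE.search(ev.path):
            hits.append("pe_in_startup_folder")
    elif ev.kind == "process" and NETSH_FW_RE.match(ev.cmdline.strip()):
        hits.append("netsh_firewall_change")
    elif ev.kind == "dns" and ev.query.lower().rstrip(".") == C2_DOMAIN:
        hits.append("c2_domain_lookup")
    elif ev.kind == "connect" and ev.dst_ip == C2_IP:
        hits.append("c2_ip_connection")
    return hits


def triage(events: List[Event]) -> Dict[str, List[Event]]:
    """Group events by the indicator they matched; unmatched events are dropped."""
    findings: Dict[str, List[Event]] = {}
    for ev in events:
        for name in classify(ev):
            findings.setdefault(name, []).append(ev)
    return findings


# Constructed events modelled on the report's paths, hashes and network indicators,
# plus benign look-alikes that must not match.
CONSTRUCTED_EVENTS = [
    Event("file", path=r"C:\Users\user\AppData\Local\Temp\Core Service.exe",
          md5="9BB6D4F72A348AD47CC97185604F4DD9",
          sha256="0A170CA414D288BC25EBB5CE92CCD51FF0F62B1479D669172194BF0067601DF1"),
    Event("file", path=r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu"
                       r"\Programs\Startup\af48625ee196d906557ab2d838a9cc2f.exe",
          md5="9BB6D4F72A348AD47CC97185604F4DD9"),
    Event("file", path=r"C:\Users\user\AppData\Local\Temp\setup.log",
          md5="d41d8cd98f00b204e9800998ecf8427e"),          # empty file, benign
    Event("process", cmdline='netsh firewall add allowedprogram '
                             '"C:\\Users\\user\\AppData\\Local\\Temp\\Core Service.exe" '
                             '"Core Service.exe" ENABLE'),  # assumed njRAT-style form
    Event("process", cmdline="netsh interface show interface"),  # benign netsh use
    Event("dns", query="noiphack93.hopto.org"),
    Event("connect", dst_ip="81.249.236.18"),
    Event("connect", dst_ip="8.8.8.8"),                          # benign
]

if __name__ == "__main__":
    for name, evs in sorted(triage(CONSTRUCTED_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

Because the dropped Core Service.exe and the Startup-folder copy carry the sample's own hashes, a hash hunt for the submitted file also finds both copies; the behavioural rules are what catch a rebuilt variant whose hashes differ, which is why the example keeps both kinds of match.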