31.0.0 Red Diamond
IR
322137
CloudBasic
15:27:11
24/11/2020
OFFER.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
f0a3b70a92ece3204289b3e1e25c9942
5af0534294c9f5fd1ada722919ec8583f88f2ac9
0a09ec08c850081ffb281f5716859d62093a5f772266503cb67d5e49a4ecd4f4
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\OFFER.exe.log
true
61CCF53571C9ABA6511D696CB0D32E45
A13A42A20EC14942F52DB20FB16A0A520F8183CE
3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
C:\Users\user\AppData\Local\Temp\tmpB5D6.tmp
true
AB592D06D98D97E7246ACDE4BC6F877E
6F407D15DCD33272C9F36A3B60CE18EA287D943D
5F401C9D62E49D3C79957EE747E11E54B09AE2577B37BF3FD8E0F59779E17764
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
94BA71EFD891C3DCB84D299A3569E0DA
D1377C913F96023629C1A07DB3BF23E0BB5F9005
30F19B17612845ECB696342C4C9306B80FFCEC7BDC5ABA5DC83A9DA346270990
C:\Users\user\AppData\Roaming\RplepwTnfZYE.exe
true
F0A3B70A92ECE3204289B3E1E25C9942
5AF0534294C9F5FD1ADA722919EC8583F88F2AC9
0A09EC08C850081FFB281F5716859D62093A5F772266503CB67D5E49A4ECD4F4
C:\Users\user\AppData\Roaming\RplepwTnfZYE.exe:Zone.Identifier
true
187F488E27DB4AF347237FE461A079AD
6693BA299EC1881249D59262276A0D2CB21F8E64
255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
192.168.2.1
37.18.96.19
udochukwu.ddns.net
true
37.18.96.19
.NET source code contains potential unpacker
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT