31.0.0 Red Diamond
IR
339033
CloudBasic
09:43:44
13/01/2021
parcel_images.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 5f8a97a2c2b464c360a3628c73b88103
SHA1: 134af6300df733356a3bd6dbe94f42dbfd2f31d8
SHA256: 74995e87513e47357c351f37565a1422202dace38dc789308d72417b5797b93e
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
false
MD5: 71369277D09DA0830C8C59F9E22BB23A
SHA1: 37F9781314F0F6B7E9CB529A573F2B1C8DE9E93F
SHA256: D4527B7AD2FC4778CC5BE8709C95AEA44EAC0568B367EE14F7357D72898C3698

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log
false
MD5: 50DEC1858E13F033E6DCA3CBFAD5E8DE
SHA1: 79AE1E9131B0FAF215B499D2F7B4C595AA120925
SHA256: 14A557E226E3BA8620BB3A70035E1E316F1E9FB5C9E8F74C07110EE90B8D8AE4

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
false
MD5: 50DEC1858E13F033E6DCA3CBFAD5E8DE
SHA1: 79AE1E9131B0FAF215B499D2F7B4C595AA120925
SHA256: 14A557E226E3BA8620BB3A70035E1E316F1E9FB5C9E8F74C07110EE90B8D8AE4

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\parcel_images.exe.log
true
MD5: 61CCF53571C9ABA6511D696CB0D32E45
SHA1: A13A42A20EC14942F52DB20FB16A0A520F8183CE
SHA256: 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B

C:\Users\user\AppData\Local\Temp\tmp2412.tmp
true
MD5: 46E9E8EC1EFA43B5667F496648C15EAF
SHA1: 6AE45D320AC09AEA99CA3103C5A46A97B8D3AF3C
SHA256: 18E19AB18E0DC61E3076AEBEC9EB5A6C1BD4904B53C767CDECE8E69F4AA5EDAF

C:\Users\user\AppData\Local\Temp\tmpB461.tmp
false
MD5: 40B11EF601FB28F9B2E69D36857BF2EC
SHA1: B6454020AD2CEED193F4792B77001D0BD741B370
SHA256: C51E12D18CC664425F6711D8AE2507068884C7057092CFA11884100E1E9D49E1

C:\Users\user\AppData\Local\Temp\tmpB81B.tmp
false
MD5: 5C2F41CFC6F988C859DA7D727AC2B62A
SHA1: 68999C85FC7E37BAB9216E0099836D40D4545C1C
SHA256: 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
MD5: E398E3F1CD99EEB8CA347854BB3BE3C8
SHA1: A2AE483FB695B17B260BA64D668C2B45115637AC
SHA256: 65FEAEA5580D02F5666021D68C872A98AA2FD31D2279DD9DD3FB57254D2C1058

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
false
MD5: D685103573539B7E9FDBF5F1D7DD96CE
SHA1: 4B2FE6B5C0B37954B314FCAEE1F12237A9B02D07
SHA256: D78BC23B0CA3EDDF52D56AB85CDC30A71B3756569CB32AA2F6C28DBC23C76E8E

C:\Users\user\AppData\Roaming\kWLVXBfTFQKW.exe
true
MD5: 5F8A97A2C2B464C360A3628C73B88103
SHA1: 134AF6300DF733356A3BD6DBE94F42DBFD2F31D8
SHA256: 74995E87513E47357C351F37565A1422202DACE38DC789308D72417B5797B93E

\Device\ConDrv
false
MD5: 46EBEB88876A00A52CC37B1F8E0D0438
SHA1: 5E5DB352F964E5F398301662FF558BD905798A65
SHA256: D65BD5A6CC112838AFE8FA70BF61FD13C1313BCE3EE3E76C50E454D7B581238B
69.61.59.215
cldgr.duckdns.org
true
69.61.59.215
.NET source code contains potential unpacker
Allocates memory in foreign processes
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT