Secured nc.exe

Status: finished

Submission Time: 2020-04-21 01:23:00 +02:00

Malicious

Trojan

Adware

Evader

Nanocore

Comments

Details

Analysis ID:
224023
API (Web) ID:
344645
Analysis Started:

2020-04-21 01:23:01 +02:00
Analysis Finished:

2020-04-21 01:38:32 +02:00
MD5:
b43e1d0b714af3502e1ac041b8164255
SHA1:
92ac3272506570e140692b6eb7a43aa1732c81b2
SHA256:
353cd6a5d6ea85d0ffb911e286ff7d460eec73334bc1fef0a59ea9cea782b281
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
151.80.8.11	Italy
104.18.49.20	United States

Domains

Name	IP	Detection
alice2019.myftp.biz	151.80.8.11
paste.ee	104.18.49.20

URLs

Name	Detection
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://paste.ee/r/9oMSH

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeObcreZp.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeObcreZp.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat	Non-ISO extended-ASCII text, with no line terminators	#
Click to see the 20 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4iyobpy.ya3.psm1	ASCII text, with no line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.wOLLzNsL.20200421012339.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.lYZjOG0e.20200421012329.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.bSc2hfpi.20200421012338.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.088753._WPVLBC6.20200421012328.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\WPA Service\wpasv.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ucsuky33.qoz.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyrv4obg.q3m.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jodanar2.lya.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_deajpnct.kty.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anjtk3tt.dea.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3mopzjgk.ixp.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11x04zm5.0cb.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wpasv.exe.log	ASCII text, with CRLF line terminators	#

Secured nc.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Secured nc.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

Secured nc.exe