32.0.0 Black Diamond
IR
432605
CloudBasic
15:30:25
10/06/2021
dYy3yfSkwY.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
3deb8b7e51c21cba0c2c723c5af953dd
f98809b1b883912d278f7eaf64d7eedfaee1ef5a
c0503f7c65391a5be8030bbaaf6c17260fa67e40a3fcc23b84c26610c266008b
Win32 Executable (generic) a (10002005/4) 92.16%
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Yara detected Nanocore RAT