Joe Sandbox analysis report

Version:          33.0.0 White Diamond
IR
Analysis ID:      451970
Product:          CloudBasic
Analysis time:    16:28:53
Analysis date:    21/07/2021 (DD/MM/YYYY)
Sample name:      Contact00212399490.exe
Cookbook:         default.jbs
Analysis system:  Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform:         WINDOWS
Sample MD5:       a6bd3de048002bee7a8d973c887227d8
Sample SHA1:      90cf93d93b141654a62ff3a3b6810faef2ff3d69
Sample SHA256:    1e3539b9de51134004ff4bff43ab144e748a329265decf8421442cef3109210d
File type:        Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
Dropped files (each record as listed: path, flag, MD5, SHA1, SHA256)

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
  flag:   true
  MD5:    A6BD3DE048002BEE7A8D973C887227D8
  SHA1:   90CF93D93B141654A62FF3A3B6810FAEF2FF3D69
  SHA256: 1E3539B9DE51134004FF4BFF43AB144E748A329265DECF8421442CEF3109210D

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
  flag:   true
  MD5:    187F488E27DB4AF347237FE461A079AD
  SHA1:   6693BA299EC1881249D59262276A0D2CB21F8E64
  SHA256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Contact00212399490.exe.log
  flag:   false
  MD5:    61CCF53571C9ABA6511D696CB0D32E45
  SHA1:   A13A42A20EC14942F52DB20FB16A0A520F8183CE
  SHA256: 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
  flag:   false
  MD5:    61CCF53571C9ABA6511D696CB0D32E45
  SHA1:   A13A42A20EC14942F52DB20FB16A0A520F8183CE
  SHA256: 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B

C:\Users\user\AppData\Local\Temp\tmp203E.tmp
  flag:   true
  MD5:    FF1EAD8DD1A327803CC0AF366C4779BE
  SHA1:   5D8B3A64E735C55AD2D37F07E5324A0D07D3759F
  SHA256: 8A7A84F8AA98258FDE30287A469E05946729DC733298243F8E30AA35767A3467

C:\Users\user\AppData\Local\Temp\tmp23F8.tmp
  flag:   false
  MD5:    5C2F41CFC6F988C859DA7D727AC2B62A
  SHA1:   68999C85FC7E37BAB9216E0099836D40D4545C1C
  SHA256: 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
  flag:   false
  MD5:    0D6805D12813A857D50D42D6EE2CCAB0
  SHA1:   78D83F009D842F21FE2AB0EAFFD00E5AAD1776F4
  SHA256: 182E0F8AA959549D61C66D049645BA8445D86AEAD2B8C3552A9836FA1E5BD484

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
  flag:   true
  MD5:    A8C6CE27FDAD82203BB2ED4E9A023677
  SHA1:   A4962AE7B7A6A7435C1EA5452EF02339C9831AA9
  SHA256: E93547D3CF9BAA27E30936696631627B1BF44F07E2AC6793A0A66AE7E264081E

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
  flag:   false
  MD5:    4979705993AF30ED02989EE5ACDC91C6
  SHA1:   E528A9C66F0045827240596C66B9F1B141503DB1
  SHA256: 3918BA8BED55D1B40797E60A055BE2C5B70069A04D1E8162D510FEA3FA121AFF
Network

IP addresses:
  192.168.2.1 (private RFC 1918 address)
  202.55.134.123

Domain (name, flag, IP as listed; ydns.eu is a dynamic DNS provider):
  hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw.ydns.eu  false  202.55.134.123
Signatures

- .NET source code contains potential unpacker
- .NET source code contains very large strings
- Hides that the sample has been downloaded from the Internet (zone.identifier)
- Injects a PE file into a foreign process
- Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
- Uses schtasks.exe or at.exe to add and modify task schedules
- Detected Nanocore Rat
- Malicious sample detected (through community Yara rule)
- Sigma detected: NanoCore
- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
- Yara detected AntiVM3
- Yara detected Nanocore RAT
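The dropped-file table is where the persistence story sits: the file written to C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe carries exactly the sample's MD5, SHA1 and SHA256, so it is a self-copy rather than a second-stage payload, and its Zone.Identifier alternate data stream is listed as a separate dropped entry, which is what the "Hides that the sample has been downloaded from the Internet (zone.identifier)" signature refers to. The following Python is an added triage example, not code from the Joe Sandbox report or from Joe Security: it loads the report's own path/SHA256 pairs, flags dropped files that are byte-identical to the sample, separates NTFS alternate data streams from their host file, groups identical dropped files, and emits a deduplicated hash IOC list. It also tries to recover the ZoneId of the Zone.Identifier stream by hashing the canonical text Windows writes to that stream and comparing it with the MD5 the report lists; that step is a heuristic of this example and returns None when the stream carried extra lines. The function names, record layout and heuristic are this example's own assumptions; the paths and hashes are copied from the report.

```python
"""Triage helper over the dropped-file table of a sandbox report.

Added example, not code from the Joe Sandbox report. Only SHA256 is used for
identity since one strong hash is enough; MD5/SHA1 from the report are omitted.
"""
import hashlib
from collections import defaultdict

SAMPLE_SHA256 = "1e3539b9de51134004ff4bff43ab144e748a329265decf8421442cef3109210d"

# (path, sha256) pairs copied from the report's dropped-files section.
DROPPED = [
    (r"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe",
     "1E3539B9DE51134004FF4BFF43AB144E748A329265DECF8421442CEF3109210D"),
    (r"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier",
     "255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309"),
    (r"C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Contact00212399490.exe.log",
     "3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B"),
    (r"C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log",
     "3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B"),
    (r"C:\Users\user\AppData\Local\Temp\tmp203E.tmp",
     "8A7A84F8AA98258FDE30287A469E05946729DC733298243F8E30AA35767A3467"),
    (r"C:\Users\user\AppData\Local\Temp\tmp23F8.tmp",
     "98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B"),
    (r"C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat",
     "182E0F8AA959549D61C66D049645BA8445D86AEAD2B8C3552A9836FA1E5BD484"),
    (r"C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat",
     "E93547D3CF9BAA27E30936696631627B1BF44F07E2AC6793A0A66AE7E264081E"),
    (r"C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat",
     "3918BA8BED55D1B40797E60A055BE2C5B70069A04D1E8162D510FEA3FA121AFF"),
]

# MD5 the report lists for the Zone.Identifier stream; used to recover its ZoneId.
ZONE_IDENTIFIER_MD5 = "187F488E27DB4AF347237FE461A079AD"


def norm_sha256(h: str) -> str:
    """Lower-case a SHA256 and reject anything that is not 64 hex digits."""
    h = h.strip().lower()
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a SHA256 hex digest: {h!r}")
    return h


def split_ads(path: str):
    """Split 'C:\\dir\\file:stream' into (host file path, stream name).

    Only the drive letter may legally carry a colon in a Win32 path, so any
    colon after position 1 marks an NTFS alternate data stream (ADS).
    """
    base, sep, stream = path[2:].partition(":")
    return (path[:2] + base, stream) if sep else (path, None)


def guess_zone_id(md5_hex: str, zone_ids=range(0, 5)):
    """Return the ZoneId whose canonical Zone.Identifier text hashes to md5_hex.

    Heuristic of this example: Windows writes the stream as
    '[ZoneTransfer]\\r\\nZoneId=<n>\\r\\n'. Streams that also carry
    ReferrerUrl/HostUrl lines will not match, and None is returned.
    """
    for zid in zone_ids:
        text = f"[ZoneTransfer]\r\nZoneId={zid}\r\n".encode("ascii")
        if hashlib.md5(text).hexdigest() == md5_hex.lower():
            return zid
    return None


def triage(sample_sha256: str, dropped):
    """Correlate dropped files against the sample and against each other."""
    sample = norm_sha256(sample_sha256)
    by_hash = defaultdict(list)   # sha256 -> every dropped path with that hash
    ads = []                      # (host file, stream name) for ADS entries
    for path, sha in dropped:
        by_hash[norm_sha256(sha)].append(path)
        base, stream = split_ads(path)
        if stream:
            ads.append((base, stream))
    return {
        "sample_copies": by_hash.get(sample, []),                    # self-copies
        "ads": ads,
        "duplicates": {h: p for h, p in by_hash.items() if len(p) > 1},
        "iocs": sorted(by_hash),   # unique SHA256 of everything dropped
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SHA256, DROPPED).items():
        print(f"{key}: {value}")
    print("Zone.Identifier ZoneId:", guess_zone_id(ZONE_IDENTIFIER_MD5))
```

Run as a script it prints the four triage views and the ZoneId guess; `triage` returns them as a dict so the same logic can be pointed at a parsed JSON export instead of the inline list. On this report it reports dhcpmon.exe as the only self-copy, one ADS (the Zone.Identifier on that copy), the two CLR usage logs as the only identical pair, and eight unique dropped-file hashes.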