33.0.0 White Diamond
IR
452025
CloudBasic
18:08:08
21/07/2021
yMI7.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
39121091956f8934b1c73041ee1cc90f
2d63ef96343bd4636ced243f81ce9cc361b28f74
9a2247160056d9a5de43a34672b7e1650402a8ec6f435f1ef0d07a5347907404
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
true
39121091956F8934B1C73041EE1CC90F
2D63EF96343BD4636CED243F81CE9CC361B28F74
9A2247160056D9A5DE43A34672B7E1650402A8EC6F435F1EF0D07A5347907404
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
true
187F488E27DB4AF347237FE461A079AD
6693BA299EC1881249D59262276A0D2CB21F8E64
255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
true
61CCF53571C9ABA6511D696CB0D32E45
A13A42A20EC14942F52DB20FB16A0A520F8183CE
3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
D968E8CAF6CE7C3F89D60D184D89ECCB
9EE5ADC2852A7FBF89475B4DA612C1F601B4FB99
406646F65342BC1D184FB76057FDFC62ED701E62E2696709F5C249B720BED595
192.168.2.1
127.0.0.1
marquinhos-36228.portmap.host
true
unknown
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Yara detected Nanocore RAT