Register Login

sloganpng

top title background image

SecuriteInfo.com.Variant.Graftor.794682.24183.exe

Status: finished

Submission Time: 2020-09-12 11:36:26 +02:00

Malicious

Ransomware

Trojan

Evader

Nanocore

Comments

Tags

Details

Analysis ID:
284760
API (Web) ID:
464705
Analysis Started:

2020-09-12 11:36:28 +02:00
Analysis Finished:

2020-09-12 11:46:05 +02:00
MD5:
dd150c457601ba111eb3c60c63fd3dff
SHA1:
8c1d323f5068c1e47937daeea11014702eb19307
SHA256:
bd0f134d79df0d8a8fa72b958af1de70e2ddf834620ab583b4d18908b9b89d62
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 31/69

malicious

Score: 21/29

malicious

IPs

IP	Country	Detection
197.210.227.21	Nigeria

Domains

Name	IP	Detection
bangitin.ddns.net	197.210.227.21

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat	Non-ISO extended-ASCII text, with no line terminators	#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a	data	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#