33.0.0 White Diamond
IR
483610
CloudBasic
10:01:31
15/09/2021
vCVJO4xhuE
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 2bc1291ce4bef393a9407153d5e39640
SHA1: 2d3b60943ddec9126b6b8f3e038538f2816573ad
SHA256: d0e91a9fb694973c0c69180751710002db2a7c6e9cdbd47c934db3d15d0237f8
File type: Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
Dropped file: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
MD5: CFC8B736D4B9C6C27D8CC12606D2B491
SHA1: 0A79518BEDAA1EEA5A87FDE2DA5F50716C59B62A
SHA256: 4AE1CA3EDE339DAAC910A86E66F4FAA03C984177B92EF6E080F6A8B854BC0AF4

Dropped file: C:\Users\user\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat
true
MD5: EE41C0FC7D593DE490C7C683B12CCA25
SHA1: 4B451F5F14AEAD1F0A5DD2C49607751012811C39
SHA256: 8918686EA8D8BC111FE877795392EBE6838A17B30B95102D72A9CA8E1FBB10CA

Dropped file: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdchange.lnk
false
MD5: 78433265C2E2CEEC888298F412113607
SHA1: 8649F7BD7230AA396AE87228F53F3CEF8B21D443
SHA256: DCE34A53294DD66E2ED00CF4BD4DB6692F4996EA4651F1AE98E78E27CD7D30EA
Domain: megida.hopto.org
true
IP: 0.0.0.0
Found malware configuration
Maps a DLL or memory area into another process
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Writes to foreign memory regions
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected FrenchyShellcode packer
Binary is likely a compiled AutoIt script file
Sigma detected: NanoCore
Detected Nanocore Rat
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
AutoIt script contains suspicious strings
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Yara detected Nanocore RAT
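The export above is a flat, one-field-per-line dump of a sandbox report, which is awkward to feed into a blocklist or a hunting query. The following script is an added example, not part of the report or of the sandbox vendor's tooling: it classifies each line by shape (Windows path, MD5/SHA1/SHA256 by hex length, hostname, IPv4, true/false, free text), groups the hashes that follow a path into one dropped-file record, and flags any dropped file written to a Start Menu Startup folder as a persistence artifact. The boolean column between each path and its hashes carries no header in this export, so the parser keeps it verbatim as `flag` rather than guessing its meaning. The input string is the IOC-bearing part of this page, embedded as constructed sample data; the `Report`, `DroppedFile`, `Contact` and `Hashes` names and the `parse_flat_export`, `ioc_set` and `is_startup_persistence` functions are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed input: the IOC-bearing lines of the flattened report on this page.
FLAT_EXPORT = r"""
2bc1291ce4bef393a9407153d5e39640
2d3b60943ddec9126b6b8f3e038538f2816573ad
d0e91a9fb694973c0c69180751710002db2a7c6e9cdbd47c934db3d15d0237f8
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
CFC8B736D4B9C6C27D8CC12606D2B491
0A79518BEDAA1EEA5A87FDE2DA5F50716C59B62A
4AE1CA3EDE339DAAC910A86E66F4FAA03C984177B92EF6E080F6A8B854BC0AF4
C:\Users\user\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat
true
EE41C0FC7D593DE490C7C683B12CCA25
4B451F5F14AEAD1F0A5DD2C49607751012811C39
8918686EA8D8BC111FE877795392EBE6838A17B30B95102D72A9CA8E1FBB10CA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdchange.lnk
false
78433265C2E2CEEC888298F412113607
8649F7BD7230AA396AE87228F53F3CEF8B21D443
DCE34A53294DD66E2ED00CF4BD4DB6692F4996EA4651F1AE98E78E27CD7D30EA
megida.hopto.org
true
0.0.0.0
Found malware configuration
Writes to foreign memory regions
Detected Nanocore Rat
""".strip()

HEX = re.compile(r"^[0-9a-fA-F]+$")
HASH_FIELDS = {32: "md5", 40: "sha1", 64: "sha256"}   # hex digest length -> field name
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
HOSTNAME = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


@dataclass
class Hashes:
    md5: str | None = None
    sha1: str | None = None
    sha256: str | None = None


@dataclass
class DroppedFile:
    path: str
    flag: str | None = None            # unlabeled true/false column, kept as exported
    hashes: Hashes = field(default_factory=Hashes)


@dataclass
class Contact:
    domain: str
    flag: str | None = None            # unlabeled true/false column, kept as exported
    ip: str | None = None


@dataclass
class Report:
    sample: Hashes = field(default_factory=Hashes)   # hashes seen before any dropped-file path
    dropped: list[DroppedFile] = field(default_factory=list)
    contacts: list[Contact] = field(default_factory=list)
    signatures: list[str] = field(default_factory=list)


def parse_flat_export(text: str) -> Report:
    """Walk the flat export; a path or hostname opens a record, following fields attach to it."""
    report = Report()
    current: DroppedFile | Contact | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if WIN_PATH.match(line):
            current = DroppedFile(path=line)
            report.dropped.append(current)
        elif IPV4.match(line):
            if isinstance(current, Contact):
                current.ip = line
        elif HOSTNAME.match(line):
            current = Contact(domain=line)
            report.contacts.append(current)
        elif line.lower() in ("true", "false"):
            if current is not None:
                current.flag = line.lower()
        elif HEX.match(line) and len(line) in HASH_FIELDS:
            target = current.hashes if isinstance(current, DroppedFile) else report.sample
            setattr(target, HASH_FIELDS[len(line)], line.lower())
        else:
            report.signatures.append(line)   # free text: behaviour/signature line
            current = None                   # free text closes any open record
    return report


def is_startup_persistence(path: str) -> bool:
    """A dropped file under a Start Menu Startup folder runs at every logon."""
    return bool(STARTUP_DIR.search(path))


def ioc_set(report: Report) -> dict[str, set[str]]:
    """Collapse the parsed report into flat, lowercase IOC sets for blocklists or hunting queries."""
    all_hashes = [report.sample, *(d.hashes for d in report.dropped)]
    return {
        "md5": {h.md5 for h in all_hashes if h.md5},
        "sha1": {h.sha1 for h in all_hashes if h.sha1},
        "sha256": {h.sha256 for h in all_hashes if h.sha256},
        "paths": {d.path for d in report.dropped},
        "domains": {c.domain for c in report.contacts},
        "persistence": {d.path for d in report.dropped if is_startup_persistence(d.path)},
    }


if __name__ == "__main__":
    r = parse_flat_export(FLAT_EXPORT)
    for kind, values in ioc_set(r).items():
        print(f"{kind}: {len(values)}")
        for v in sorted(values):
            print("  ", v)
```

Hex lengths alone cannot tell an MD5 from any other 128-bit value, so the parser only trusts a hex line when it follows a path (or precedes all paths, for the sample itself); the IP test runs before the hostname test because a dotted quad is not a hostname, and a record is closed by the first free-text line so a stray signature cannot absorb the next file's hashes.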