33.0.0 White Diamond
IR
502163
CloudBasic
17:07:19
13/10/2021
DHL AWB TRACKING DETAILS.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
1fc9414612683fa9b525a75355706490
780cee42ffebc33391e0a814db98e5cf8affed5e
ae095ebb3fffa75296b6db100d55ef0dcf8e8c7eb9a0c616e0adb732dc4ee8c9
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Dropped files:
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL AWB TRACKING DETAILS.exe.log
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
C:\Users\user\AppData\Local\Temp\tmp252C.tmp
C:\Users\user\AppData\Local\Temp\tmp6D1.tmp
C:\Users\user\AppData\Local\Temp\tmpA586.tmp
C:\Users\user\AppData\Local\Temp\tmpD512.tmp
C:\Users\user\AppData\Local\Temp\tmpFE36.tmp
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
C:\Users\user\AppData\Roaming\xWvcJacCRTJ.exe
C:\Users\user\AppData\Roaming\xWvcJacCRTJ.exe:Zone.Identifier
129.205.113.12
chinomso.duckdns.org
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Sigma detected: NanoCore
Yara detected AntiVM3
Detected Nanocore Rat
.NET source code contains potential unpacker
Injects a PE file into foreign processes
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
Yara detected Nanocore RAT