34.0.0 Boulder Opal
IR
623786
CloudBasic
20:20:48
10/05/2022
Ki8WlC0ddA.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
0f8819270f261881bdfdbb15fe4f4d7c
7473c2e2683725955a0e9ace00fa1dea2a884a4c
42bc81c2809d6ae05c7eac0f21374e297f21acb00d3baee3a2c6a14b963a058a
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ki8WlC0ddA.exe.log
true
2E016B886BDB8389D2DD0867BE55F87B
25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
E415DB43B45288B4347C4C3A5CFD1DA2
3C015F553C4D8A12D6AF92C59E1AD0780277CEAC
62414F327822AF8C2CF75394C9E38227D812D42902619E22A93A02B917937A6B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5mvax22.jet.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r1la5k4g.tlc.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\tmp39F4.tmp
true
D817721B3222A81D668B278F4C7FB15E
D9E3B938D94E3C4168E5595893B86DF03D1D62BE
0C94818867E19163C0A62116BB70A70D3265E0F43FD1FEEF41C98D38EF82AFB3
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
923A7A6E01C3242596B4D950D6B20EFA
330D952A60F1ECE84AE8A4881E3EA1BA35DBAE3D
9BDC8A1B234E8533091289DB12DFFA06A876EE6B7252DDD52D0AE593029A258A
C:\Users\user\AppData\Roaming\nbbxvA.exe
true
0F8819270F261881BDFDBB15FE4F4D7C
7473C2E2683725955A0E9ACE00FA1DEA2A884A4C
42BC81C2809D6AE05C7EAC0F21374E297F21ACB00D3BAEE3A2C6A14B963A058A
C:\Users\user\AppData\Roaming\nbbxvA.exe:Zone.Identifier
true
187F488E27DB4AF347237FE461A079AD
6693BA299EC1881249D59262276A0D2CB21F8E64
255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
C:\Users\user\Documents\20220510\PowerShell_transcript.849224.GF_mjD2U.20220510202227.txt
false
1DA29D1894E77B9BA3977D096D10811E
D0DD941D535DD09DF3E4278C416BFECA0B1A5AEA
6E785EE9F4562FC8CF7C81AA9DEC1A10B2A45CE3F5F2B978792E185926E2C106
91.193.75.221
true
http://www.carterandcone.compor
false
unknown
http://www.sandoll.co.krttp://w
false
unknown
http://www.fontbureau.com/designers
false
unknown
91.193.75.221
true
http://www.sajatypeworks.com
false
unknown
http://www.founder.com.cn/cn/cThe
false
unknown
http://www.jiyu-kobo.co.jp/:
false
unknown
http://www.fontbureau.comgrita
false
unknown
http://www.carterandcone.comUI
false
unknown
http://www.jiyu-kobo.co.jp/3
false
unknown
http://www.founder.com.cn/cn/a
false
unknown
http://www.fontbureau.comalsv
false
unknown
http://www.sajatypeworks.comaK
false
unknown
http://www.galapagosdesign.com/DPlease
false
unknown
http://www.jiyu-kobo.co.jp/Y0
false
unknown
http://www.ascendercorp.com/typedesigners.html
false
unknown
http://www.jiyu-kobo.co.jp/(
false
unknown
http://www.urwpp.deDPlease
false
unknown
http://www.goodfont.co.krm
false
unknown
http://www.zhongyicts.com.cn
false
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
http://www.fontbureau.comC
false
unknown
http://www.zhongyicts.com.cn-s
false
unknown
http://www.fontbureau.comicv
false
unknown
http://www.jiyu-kobo.co.jp/Lodi
false
unknown
http://www.galapagosdesign.com/
false
unknown
http://www.fontbureau.comonyF(
false
unknown
http://www.agfamonotype.Y
false
unknown
http://www.fontbureau.com.TTFY
false
unknown
http://www.carterandcone.com.t
false
unknown
http://www.jiyu-kobo.co.jp/C
false
unknown
http://www.sandoll.co.krc
false
unknown
http://en.w
false
unknown
http://www.goodfont.co.krF
false
unknown
http://www.carterandcone.coml
false
unknown
http://www.founder.com.cn/cn/
false
unknown
http://www.fontbureau.com/designers/frere-jones.html
false
unknown
http://www.carterandcone.como.2
false
unknown
http://www.jiyu-kobo.co.jp/t
false
unknown
http://www.jiyu-kobo.co.jp/r
false
unknown
http://www.jiyu-kobo.co.jp/iv
false
unknown
http://www.sajatypeworks.comt;
false
unknown
http://www.founder.com.cn/cnicr
false
unknown
http://www.carterandcone.com-s
false
unknown
http://www.fontbureau.comok
false
unknown
http://www.zhongyicts.com.cnG
false
unknown
http://www.fontbureau.com/designersG
false
unknown
http://www.fontbureau.com/designers/?
false
unknown
http://www.jiyu-kobo.co.jp/jp/C
false
unknown
http://www.fontbureau.comitudC
false
unknown
http://www.founder.com.cn/cn/bThe
false
unknown
http://www.founder.com.cn/cnM
false
unknown
http://www.fontbureau.com/designers?
false
unknown
http://www.zhongyicts.com.cnUI
false
unknown
http://www.tiro.com
false
unknown
http://www.jiyu-kobo.co.jp/jp/3
false
unknown
http://www.goodfont.co.kr
false
unknown
http://www.carterandcone.com
false
unknown
http://www.founder.com.cn/cnF
false
unknown
http://www.zhongyicts.com.cn%
false
unknown
http://www.carterandcone.como.v
false
unknown
http://www.fontbureau.comiono(
false
unknown
http://www.typography.netD
false
unknown
http://www.founder.com.cn/cnn
false
unknown
http://www.galapagosdesign.com/staff/dennis.htm
false
unknown
http://fontfabrik.com
false
unknown
http://fontfabrik.comu
false
unknown
http://www.founder.com.cn/cnl
false
unknown
http://www.sandoll.co.krFo
false
unknown
http://www.fontbureau.com/designersw
false
unknown
http://www.fonts.com
false
unknown
http://www.sandoll.co.kr
false
unknown
http://www.sakkal.com
false
unknown
http://www.fontbureau.com/designerso
false
unknown
http://www.fontbureau.com/designersn
false
unknown
http://www.apache.org/licenses/LICENSE-2.0
false
unknown
http://www.fontbureau.com
false
unknown
http://www.fontbureau.comF
false
unknown
http://www.carterandcone.comTC
false
unknown
http://www.fontbureau.comL.TTF
false
unknown
http://www.jiyu-kobo.co.jp/jp/
false
unknown
http://www.fontbureau.comd
false
unknown
http://www.fontbureau.comce2
false
unknown
http://www.jiyu-kobo.co.jp/k-s
false
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
false
unknown
http://www.founder.com.cn/cn
false
unknown
http://www.galapagosdesign.com/.
false
unknown
http://www.carterandcone.comTCy
false
unknown
http://www.carterandcone.comorm
false
unknown
http://www.monotype.
false
unknown
http://www.carterandcone.comue~
false
unknown
http://www.fontbureau.comm
false
unknown
http://www.jiyu-kobo.co.jp/
false
unknown
http://www.fontbureau.como
false
unknown
http://www.fontbureau.com/designers8
false
unknown
http://www.fontbureau.comdC
false
unknown
http://www.sandoll.co.krn-u
false
unknown
http://www.fontbureau.comlic3
false
unknown
http://www.fontbureau.com/designers/
false
unknown
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Sigma detected: NanoCore
Yara detected AntiVM3
Machine Learning detection for sample
Detected Nanocore Rat
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Adds a directory exclusion to Windows Defender
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Nanocore RAT