ORDER TSA-A090621B.exe

Status: finished
Submission Time: 20.07.2021 08:31:26
Malicious
Trojan
Evader
Nanocore

Tags

  • exe
  • NanoCore
  • RAT

Details

  • Analysis ID:
    451105
  • API (Web) ID:
    818695
  • Analysis Started:
    20.07.2021 08:34:07
  • Analysis Finished:
    20.07.2021 08:48:18
  • MD5:
    f5d3b895f4109e09f8918fc52147d154
  • SHA1:
    e4fe29023bd9af1916d7c12197949ddaed424e8b
  • SHA256:
    9713a28e0645cc77089dfd921118db8827de0a8b7e8196d653da2002646bd3cf
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
14/68

malicious
8/46

IPs

IP / Country / Detection

  • 84.38.133.182 (Latvia)
  • 185.140.53.253 (Sweden)

Domains

Name / IP / Detection

  • dedicatedlambo9.ddns.net (84.38.133.182)

URLs

Name / Detection

  • dedicatedlambo9.ddns.net
  • 185.140.53.253

Dropped files

Name / File Type / Hashes / Detection

  • C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORDER TSA-A090621B.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
    data
  • C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
    data