f135cb54cc49b06b0a661d52c50894ea6e42140a5e0316dc721e47c105b4043b | Triage

Analysis

max time kernel
140s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
25-11-2020 09:12

Sharing

Report Analysis Logs

General

Target

nosto.exe
Size

1.3MB
MD5

c5b92b47eeb6372edb232deae1bf47d7
SHA1

7034a52f0ebc2fd0b38c130b229902e33a02c5ed
SHA256

6f5801587baf461e5a67f49bc6f4b400a8f458dc223f4d3ec9e2eafd9b062f5f
SHA512

e82535143ad12e85ee58b515c536f43a60c6324b79bfad304ac9f19c77ebb6eabd1604cf5d7fb0b8f7bb557ca2cfa11d564bf1d86063c662f3b124eb9c31f9ce

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

nosto.exe

pid process

816 nosto.exe
816 nosto.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

nosto.exe

description	pid	process	target process
PID 816 wrote to memory of 1300	816	nosto.exe	nosto.exe
PID 816 wrote to memory of 1300	816	nosto.exe	nosto.exe
PID 816 wrote to memory of 1300	816	nosto.exe	nosto.exe

C:\Users\Admin\AppData\Local\Temp\nosto.exe
"C:\Users\Admin\AppData\Local\Temp\nosto.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:816

C:\Users\Admin\AppData\Local\Temp\nosto.exe
C:\Users\Admin\AppData\Local\Temp\nosto.exe /C
2⤵
PID:1300

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-0-0x0000000000000000-mapping.dmp

Download