Analysis
-
max time kernel
124s -
max time network
150s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
18-10-2021 20:15
General
-
Target
a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
-
Size
202KB
-
MD5
a7f4ba93f28bc1228a12a0fac1ecfb2e
-
SHA1
ae4c770291d431bc7475cf168e34e579ece3e1a5
-
SHA256
ff3604b2e276ca507bf7e5397df7390fd92e83dfc7c3f98737d7a6e9dbecd516
-
SHA512
5a7017338d30e7b323a926603b5b49e623ae9243e29f9b7c7181a8e834a477080f9d84aa9e7db1510cad07e13999eaa746352312bb9d7e39e2ba5679b34ff5fe
Score
10/10
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
suricata: ET MALWARE Possible NanoCore C2 60B
suricata: ET MALWARE Possible NanoCore C2 60B
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a7f4ba93f28bc1228a12a0fac1ecfb2e.exe"C:\Users\Admin\AppData\Local\Temp\a7f4ba93f28bc1228a12a0fac1ecfb2e.exe"1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1548-55-0x00000000768A1000-0x00000000768A3000-memory.dmpFilesize
8KB
-
memory/1548-56-0x00000000020A0000-0x00000000020A1000-memory.dmpFilesize
4KB