Analysis
- max time kernel: 124s
- max time network: 150s
- platform: windows7_x64
- resource: win7-en-20211014
- submitted: 18-10-2021 20:15

Static task: static1
Behavioral task: behavioral1
- Sample: a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
- Resource: win7-en-20211014
- Platform: windows7_x64
0 signatures, 0 seconds
General
- Target: a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
- Size: 202KB
- MD5: a7f4ba93f28bc1228a12a0fac1ecfb2e
- SHA1: ae4c770291d431bc7475cf168e34e579ece3e1a5
- SHA256: ff3604b2e276ca507bf7e5397df7390fd92e83dfc7c3f98737d7a6e9dbecd516
- SHA512: 5a7017338d30e7b323a926603b5b49e623ae9243e29f9b7c7181a8e834a477080f9d84aa9e7db1510cad07e13999eaa746352312bb9d7e39e2ba5679b34ff5fe
Malware Config
Signatures
- suricata: ET MALWARE Possible NanoCore C2 60B
- Checks whether UAC is enabled 1 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
- Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
pid | process
1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 1548 | a7f4ba93f28bc1228a12a0fac1ecfb2e.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a7f4ba93f28bc1228a12a0fac1ecfb2e.exe (pid 1548)
  command line: "C:\Users\Admin\AppData\Local\Temp\a7f4ba93f28bc1228a12a0fac1ecfb2e.exe"
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
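The hashes and the four behavioral signatures in this report, turned into a small triage check you can run against your own copy of the sample and your own telemetry. This is an added example, not code from the report or from the sandbox that produced it. The digest values, the EnableLUA registry path, SeDebugPrivilege and the signature names come from the report; the event schema, the event records, the sample bytes and the numeric thresholds (enum_min, spam_min) are constructed assumptions for illustration only.

```python
"""Triage helpers derived from the sandbox report above.

Added example, not code from the report or the sandbox vendor. Hash values,
the EnableLUA path, SeDebugPrivilege and the signature names are from the
report; the event schema, event records, sample bytes and thresholds are
constructed assumptions.
"""
import hashlib

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "a7f4ba93f28bc1228a12a0fac1ecfb2e",
    "sha1": "ae4c770291d431bc7475cf168e34e579ece3e1a5",
    "sha256": "ff3604b2e276ca507bf7e5397df7390fd92e83dfc7c3f98737d7a6e9dbecd516",
    "sha512": ("5a7017338d30e7b323a926603b5b49e623ae9243e29f9b7c7181a8e834a47708"
               "0f9d84aa9e7db1510cad07e13999eaa746352312bb9d7e39e2ba5679b34ff5fe"),
}

# Registry value the sample queried ("Checks whether UAC is enabled") and the
# privilege it enabled ("Suspicious use of AdjustPrivilegeToken").
ENABLELUA_SUFFIX = r"\POLICIES\SYSTEM\ENABLELUA"
DEBUG_PRIVILEGE = "SeDebugPrivilege"


def hash_bytes(data: bytes) -> dict:
    """Return the same four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def check_sample(data: bytes, filename: str, expected: dict = REPORT_HASHES) -> dict:
    """Compare a local copy of the sample with the report's digests.

    Also flags the case seen in this report, where the file name is just the
    MD5: the name then carries no information about the original lure, so it
    should not be treated as an indicator on its own.
    """
    actual = hash_bytes(data)
    stem = filename.rsplit(".", 1)[0].lower()
    matches = {alg: actual[alg] == expected[alg].lower() for alg in expected}
    return {
        "matches": matches,
        "all_match": all(matches.values()),
        "name_is_md5": stem == actual["md5"],
    }


# Constructed event records (assumed schema, not a real sandbox or Sysmon
# format): one dict per observed action with the pid that performed it.
SAMPLE_EVENTS = (
    [{"pid": 1548, "kind": "reg_query",
      "target": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"}]
    + [{"pid": 1548, "kind": "process_enum", "target": "CreateToolhelp32Snapshot"}] * 4
    + [{"pid": 1548, "kind": "api_call", "target": "GetForegroundWindow"}] * 60
    + [{"pid": 1548, "kind": "token_adjust", "target": DEBUG_PRIVILEGE}]
    # A benign process that reads one unrelated key and asks for one window.
    + [{"pid": 4321, "kind": "reg_query",
        "target": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
       {"pid": 4321, "kind": "api_call", "target": "GetForegroundWindow"}]
)


def score_behaviors(events, pid: int, enum_min: int = 4, spam_min: int = 50) -> set:
    """Re-derive the report's four behavioral signatures for one pid.

    enum_min and spam_min are assumed thresholds: the report shows 4 IoCs for
    EnumeratesProcesses and gives no count for the window-spam rule.
    """
    mine = [e for e in events if e["pid"] == pid]
    n_enum = sum(e["kind"] == "process_enum" for e in mine)
    n_fg = sum(e["kind"] == "api_call" and e["target"] == "GetForegroundWindow"
               for e in mine)
    hits = set()
    if any(e["kind"] == "reg_query" and e["target"].upper().endswith(ENABLELUA_SUFFIX)
           for e in mine):
        hits.add("Checks whether UAC is enabled")
    if n_enum >= enum_min:
        hits.add("Suspicious behavior: EnumeratesProcesses")
    if n_fg >= spam_min:
        hits.add("Suspicious behavior: GetForegroundWindowSpam")
    if any(e["kind"] == "token_adjust" and e["target"] == DEBUG_PRIVILEGE for e in mine):
        hits.add("Suspicious use of AdjustPrivilegeToken")
    return hits


if __name__ == "__main__":
    # Stand-in bytes: the real sample is not embedded here.
    print(check_sample(b"not the real sample", "a7f4ba93f28bc1228a12a0fac1ecfb2e.exe"))
    print(sorted(score_behaviors(SAMPLE_EVENTS, 1548)))
    print(sorted(score_behaviors(SAMPLE_EVENTS, 4321)))
```

Run it against the actual file with `check_sample(open(path, "rb").read(), os.path.basename(path))`; a mismatch on any digest means you are not looking at the object this report describes. The behavior scorer is deliberately per-pid, because the report ties every IoC to pid 1548; the same four checks run over your own process telemetry give you a quick way to see whether another binary behaves like this one before you spend time on it.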