Analysis
-
max time kernel
120s -
max time network
153s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
25-10-2021 19:56
General
-
Target
6811A4CEA56365431B3799600303C945593A997E61968.exe
-
Size
202KB
-
MD5
b161113ed44310e65c3d704c0550d668
-
SHA1
b3a8d24f6b43c44e146dc808ee562c6e1d245c46
-
SHA256
6811a4cea56365431b3799600303c945593a997e619685d3e98889184cf458c2
-
SHA512
e47d75c508e8e50a393cc4929d36af9cd58ef62cab4e64a8e2cc942af47a61461acbd3ee28d9ddb4eafdd3882dfe8ab85a0d07bbf4a696e0ef24f97ad793ac47
Score
10/10
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6811A4CEA56365431B3799600303C945593A997E61968.exe"C:\Users\Admin\AppData\Local\Temp\6811A4CEA56365431B3799600303C945593A997E61968.exe"1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2668-115-0x0000000000EA0000-0x0000000000EA1000-memory.dmpFilesize
4KB