Analysis
max time kernel: 11s
max time network: 62s
platform: windows7_x64
resource: win7-en-20210920
submitted: 28-10-2021 22:08
Static task: static1
Behavioral task: behavioral1
Sample: 7632KL.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
General
Target: 7632KL.exe
Size: 202KB
MD5: 91639b335d38504c8bb1771dbd2b98ae
SHA1: dd251aa96202f5970b3bfbd2e1d1a492d3597864
SHA256: dfdb008304c3c2a5ec1528fe113e26088b6118c27e27e5d456ff39d300076451
SHA512: e2cdb06752954d2f27a3ad600f8d1106bfef76b8b5644d1c98cb9919ee5c13968514c8087c1c97e7a7a85e65bcbdba9c1a19499728eaa2cba8558617486c23f5
Malware Config
Signatures
suricata: ET MALWARE Possible NanoCore C2 60B
Processes: 7632KL.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 7632KL.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes: 7632KL.exe
pid | process
1692 | 7632KL.exe
1692 | 7632KL.exe
1692 | 7632KL.exe
1692 | 7632KL.exe
1692 | 7632KL.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: 7632KL.exe
pid | process
1692 | 7632KL.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: 7632KL.exe
description | pid | process
Token: SeDebugPrivilege | 1692 | 7632KL.exe