Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    29-10-2021 08:19

General

  • Target

    7632.exe

  • Size

    202KB

  • MD5

    40b8eb513d3b5150daa1f62be7e10b64

  • SHA1

    84fd5b160e4e48a6eaf814767c60ba3e2e9d324c

  • SHA256

    4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545

  • SHA512

    c716ec8067085b34a65322700658e8683d1fe05b929322f8989bfb182a91ef2c1f6b41c4f2fd1c3016c32b4c6085ee22e5bc88181cbc36555bf3a10cb45f900b

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7632.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7632.exe"
    PID: 1668
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1668-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

    Filesize

    8KB

  • memory/1668-55-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB