Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    53s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2022 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    202KB

  • MD5

    4cedeb7f2bbb865949fac916f31ff5c6

  • SHA1

    23f459e090f237b419b33b331818b17ab805f768

  • SHA256

    37df56b4f26fcb210022abed5de5698854b8d0504c6305422ee2730ee06ead15

  • SHA512

    c38c1f6b0c43b0546917fb5e3a60f922798120d9f870f5c9920ac199907663968a201c5ad0ed80b9621cd4d37d8e7b1d5dac7c76ee09000b78bb658ea86b7809

  • SSDEEP

    3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI4jT9cx77B7aqetQ0XdeMBma1K:wLV6Bta6dtJmakIM5ox79PEQ8QVP3

Score
10/10
nanocoreevasionkeyloggerspywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4588

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4588-132-0x0000000075360000-0x0000000075911000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4588-133-0x0000000075360000-0x0000000075911000-memory.dmp

    Filesize

    5.7MB

    Download