Analysis
-
max time kernel
149s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-10-2022 20:23
General
-
Target
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
-
Size
202KB
-
MD5
65fd671b6c9fab44d3906bca563c2df0
-
SHA1
2aae5bf2856e9f1ff75b38ec6d79dc5fd7eab606
-
SHA256
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f
-
SHA512
b33fd992bb4f8d6c00879aca183cd658e1b6a0aba343aaa42d18df68cbd703d2d5f6623ea11bd58f4f30d26ae91bbd197d92f124d7e585b8dc7c0989f5869074
-
SSDEEP
3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIGAGuyMbaG0ZeXuBHuS2L+3Ij0:wLV6Bta6dtJmakIM54Gu6BJuS3soi5Q1
Score
10/10
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe"C:\Users\Admin\AppData\Local\Temp\bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe"1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1044-54-0x0000000075501000-0x0000000075503000-memory.dmpFilesize
8KB
-
memory/1044-55-0x0000000074840000-0x0000000074DEB000-memory.dmpFilesize
5.7MB
-
memory/1044-56-0x0000000074840000-0x0000000074DEB000-memory.dmpFilesize
5.7MB