Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
02/10/2022, 01:21
Static task
static1
Behavioral task
behavioral1
Sample
ActivePanel.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
ActivePanel.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
NanaTM.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
NanaTM.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Readme First.ini
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
Readme First.ini
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
NanaTM.exe
-
Size
1.7MB
-
MD5
02243a2a8ab9818341fa34a818eda068
-
SHA1
de511d5a90cbee3e11eb1d88323a3d9d54919316
-
SHA256
d3133f09b459e754bd55977224d8d3e868927407dc784d836f52c171c2748342
-
SHA512
d124992341335205ce0c94edb640b04b030640b939772e8b399d0709ba86635d82c1171f9375c8fc01882ec2cd271416689cec065d2ef6a0052358df18c6204c
-
SSDEEP
49152:Hs516MnIQJwJ+YP/QAPYTysIWEOifkTonU4:y6MI0wJAui
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe 2268 NanaTM.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 2268 NanaTM.exe 5048 ActivePanel.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2268 wrote to memory of 5048 2268 NanaTM.exe 83 PID 2268 wrote to memory of 5048 2268 NanaTM.exe 83 PID 2268 wrote to memory of 2140 2268 NanaTM.exe 84 PID 2268 wrote to memory of 2140 2268 NanaTM.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\NanaTM.exe"C:\Users\Admin\AppData\Local\Temp\NanaTM.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\ActivePanel.exeActivePanel.exe2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5048
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵PID:2140
-