nanocore | 491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea

Analysis

max time kernel
139s
max time network
154s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 13:37

Target

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe
Size

100KB
MD5

6374da34c75dc28e910b0e25bc91a1c0
SHA1

f86f26ae5591ab8570095dc27e76e9d20aae59b6
SHA256

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea
SHA512

411e02f51279614d0f6d56289fa222fa2d040eadc4202f8e98b8577c7cb6bdfb44659aee0f768ba359622888bf0d47b76661dc886188bc49e3a2ad91450476de
SSDEEP

1536:qT9caNpoa+VLZtsvH+KWgmaiZ4ZOjmjeQv7gO76aOqkWKW2Y8iJiOnA7K:qqaN7+VLkvHhmZZrjmalO7dORWJ8igJK

Score

10^/10

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

description pid process

Token: SeDebugPrivilege 1228 491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

description	pid	process
Token: SeDebugPrivilege	1228	491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

C:\Users\Admin\AppData\Local\Temp\491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe
"C:\Users\Admin\AppData\Local\Temp\491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1228

memory/1228-54-0x000007FEF3C50000-0x000007FEF4673000-memory.dmp

Filesize
10.1MB

Download
memory/1228-55-0x000007FEF2BB0000-0x000007FEF3C46000-memory.dmp

Filesize
16.6MB

Download
memory/1228-56-0x0000000001F66000-0x0000000001F85000-memory.dmp

Filesize
124KB

Download