nanocore | 491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 13:37

Target

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe
Size

100KB
MD5

6374da34c75dc28e910b0e25bc91a1c0
SHA1

f86f26ae5591ab8570095dc27e76e9d20aae59b6
SHA256

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea
SHA512

411e02f51279614d0f6d56289fa222fa2d040eadc4202f8e98b8577c7cb6bdfb44659aee0f768ba359622888bf0d47b76661dc886188bc49e3a2ad91450476de
SSDEEP

1536:qT9caNpoa+VLZtsvH+KWgmaiZ4ZOjmjeQv7gO76aOqkWKW2Y8iJiOnA7K:qqaN7+VLkvHhmZZrjmalO7dORWJ8igJK

Score

10^/10

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

description pid process

Token: SeDebugPrivilege 5056 491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

description	pid	process
Token: SeDebugPrivilege	5056	491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe

C:\Users\Admin\AppData\Local\Temp\491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe
"C:\Users\Admin\AppData\Local\Temp\491317dca15518c29ffc2482ac9582a04676ff06e991977cd75d07c48adaecea.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5056

memory/5056-132-0x00007FF8F19B0000-0x00007FF8F23E6000-memory.dmp

Filesize
10.2MB

Download
memory/5056-133-0x0000000000AFA000-0x0000000000AFF000-memory.dmp

Filesize
20KB

Download