Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 09:42
General
-
Target
271c92d4124758b378e5f0b5f3d8e96ef2f517f9b732d0a35b1113227bccf135.exe
-
Size
158KB
-
MD5
202e3ede5006aaa516cef6af81002da6
-
SHA1
fd77cd81afef5985ab5902f507d95de8edf0161b
-
SHA256
271c92d4124758b378e5f0b5f3d8e96ef2f517f9b732d0a35b1113227bccf135
-
SHA512
0b717b8c49451de34f28d7a94e7d2d1bba80f9f605497143e91feca64c5d8facf47185416f50cc4a7846fc25ab882bf3a74ef959361c68c50c657a6ddf761db8
-
SSDEEP
3072:i5Pto80z+vFMCnOzS9FL9sGR2uRyR7QPMtdVvuDZmXUv/KEs4aYRqfEh:iM80mniiLU7QPervuDZ3vyeRq4
Score
10/10
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\271c92d4124758b378e5f0b5f3d8e96ef2f517f9b732d0a35b1113227bccf135.exe"C:\Users\Admin\AppData\Local\Temp\271c92d4124758b378e5f0b5f3d8e96ef2f517f9b732d0a35b1113227bccf135.exe"1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10.2MB
-
Filesize
20KB