Analysis
max time kernel: 76s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-03-2023 13:09
Behavioral task: behavioral1
Sample: nanocore.exe
Resource: win7-20230220-en (windows7-x64)
5 signatures
150 seconds
General
Target: nanocore.exe
Size: 202KB
MD5: b04416d2d65bb38583788e0fd7014776
SHA1: ce9d2ac275b4b1f3d5f3780b946f543c314de43d
SHA256: 72af6210c216823ebf34b1bb4099a502bef3ab0cbc27fe26430189a0e4059095
SHA512: c4c8151eeefcb1818c748d88809f8b9601c29f24792b25f17dc1c835b3e0a274b20f1f372ef80342cb94e0e0a9a6e8b6383d1b962f03d1cf2d1342cff5a75d60
SSDEEP: 6144:wLV6Bta6dtJmakIM5ntDv+1ECGhAIgeHYuz:wLV6Btpmk2b+kXxHY6
Malware Config
Signatures
Processes: nanocore.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | nanocore.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: nanocore.exe
pid | process
2464 | nanocore.exe
2464 | nanocore.exe
2464 | nanocore.exe
2464 | nanocore.exe
2464 | nanocore.exe
2464 | nanocore.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes: nanocore.exe
pid | process
2464 | nanocore.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: nanocore.exe
description | pid | process
Token: SeDebugPrivilege | 2464 | nanocore.exe
Downloads
memory/2464-133-0x00000000013E0000-0x00000000013F0000-memory.dmp
Filesize: 64KB
memory/2464-137-0x00000000013E0000-0x00000000013F0000-memory.dmp
Filesize: 64KB
memory/2464-139-0x00000000013E0000-0x00000000013F0000-memory.dmp
Filesize: 64KB
memory/2464-140-0x00000000013E0000-0x00000000013F0000-memory.dmp
Filesize: 64KB