c0ca228582f0ec1819f80cf27f419d6244f3d4b5ce4ada7d5e60b0bb9dfe62ab

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nanoav.setup.exe
Size

10.1MB
MD5

d3183499677ec70688aa5dfe24380a22
SHA1

6fed4955188098d774b433b94ceb6b612b991c84
SHA256

c0ca228582f0ec1819f80cf27f419d6244f3d4b5ce4ada7d5e60b0bb9dfe62ab
SHA512

eccbdec5161904f46edab95fe87c42b1d8d6ef3e36a0598600bc11fded40457f38a43091a5e03bb1ebc03908dcd73a22b23864bf4beaa5d995d7137a2d5beddc
SSDEEP

196608:8JPtTA5yrGf3XKPygLm0io3bIL0HVC6XXBLkCf9RCyt5tKxcJMaeUqsCaiUMRMhc:4PtvrC3XKiHM/kCfj1EcJhedhXmc

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4968	nanoav.setup.exe
4968	nanoav.setup.exe
4968	nanoav.setup.exe
4968	nanoav.setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	4968	nanoav.setup.exe

C:\Users\Admin\AppData\Local\Temp\nanoav.setup.exe
"C:\Users\Admin\AppData\Local\Temp\nanoav.setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\LangDLL.dll

Filesize
5KB

MD5
027f0bb5d123dd723f3f7ce49154ee49

SHA1
4b221be750496e7fca1ed88908652f27e647a1be

SHA256
e2e50f951d56a0ee227bc9707e595acbe049b5f0d7379137fcfb240135f3264b

SHA512
1448791538f8ece0b19a288d919ab936e914a698d72615fdff3c4d892533c8f98802c1ba82ed2769bf11e7815eac0ba8abeb42b3860a089e8f4b1068766a8b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\LogEx.dll

Filesize
8.2MB

MD5
4a90a5613c25b1b73d67df3922769d08

SHA1
e04374dc939a8605467d82147097de12257bd526

SHA256
6eed753df721e53deb3d0f38996c4338fad351654464110182ada9e57aa9e8cf

SHA512
ccea8cf65722eb74055c580a7ba43ac507f56bec64332dce16438294e2dff3277b34061aaa2c94185023f1f29e1c58920f174de59a78774b6791f4108bf1b5fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\System.dll

Filesize
10KB

MD5
dc2765085770fd3b40bf825ba33441ae

SHA1
b2d12b34986a0297d915e3f869cbd92e95a39af9

SHA256
f5c9a7a3ccfc2033e5f6c8a23c8b3fc3385bb7503f8c2ea549c4e06ca5de92d9

SHA512
efe302d2f08df70b9565e2451fc2aab5849db54dcf7a0c3bfd36284a7af3ee823bd639fa2c2cae993d6bd8b47c3db854beaed5900b69b1d504ddd3f3cc092d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE40D.tmp\nsDialogs.dll

Filesize
9KB

MD5
86797f3140b90294f29276e38d40c2af

SHA1
f441fa8eb5c1871db36bab50a53d980078cd4ef0

SHA256
f4f17491e776f4b816b0e806d8bf73d10e7d6dbbd4d7f0fcd78ba7255d2879a3

SHA512
9229d8d71fafd71d08774eb02e43c6b6cd4d78ed257e0d85edc9027188e4b698232420cd93e5eb0a193c62e685bad9f637940b0d5ef6ef16c20e6e7c53d04981

Download Submit