ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75

Analysis

max time kernel
129s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NanoCore 1.2.2.0_Cracked By Alcatraz3222/Plugins/DucPlugin.ncp
Size

73KB
MD5

5eca68a8368e0e144b7016e30b85515c
SHA1

0ba48b49974156e5746958aeeb1c2a26c916b3be
SHA256

e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676
SHA512

ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644
SSDEEP

1536:u2iS9wNtywVjssrt1dY4vFP0A2vKZKxA6zghoS0Lunqq:uBS2NtywVrTd1J0FvKZKlCye/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1996	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\DucPlugin.ncp"
1⤵
- Modifies registry class
PID:3380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3668,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads