Analysis
-
max time kernel
146s -
max time network
137s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
28-09-2024 17:58
General
-
Target
loader.exe
-
Size
202KB
-
MD5
0da267a9dcd9d54b8c7edd04bd4ecdf3
-
SHA1
c4ec11624a9ba832cc62b05734134fd904da5b5d
-
SHA256
32b4b4f6c49a3a6b8cc970adfe3533b09de4674fba47de82808eb46c8b4b5145
-
SHA512
2aa19300bcdfb45aa9917fc5d4c7e269c3ea5f2fa0a3978728e17ce14b7a80094fc5dd4b0e2fe6425335982005c07cb8cd0016ba10fe1c4f9021cda0548ec60f
-
SSDEEP
3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIIcfO32vT/T6BQ1bxjOhdiinvh:gLV6Bta6dtJmakIM5+fO32vTj19B+H
Score
10/10
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\loader.exe"C:\Users\Admin\AppData\Local\Temp\loader.exe"1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB