Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

test.exe

windows10-ltsc 2021-x64

10

test.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    38s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    30/11/2024, 08:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.exe

  • Size

    202KB

  • MD5

    73f5733f76ac052b15335c1cd985f73f

  • SHA1

    8c4be16301b9da6caa774f800104adf5731b55a4

  • SHA256

    9cf5e2e0f424e7d3b206b17c262a538b29776c34b3fe11fa38222ce8cf7eaff3

  • SHA512

    7acda28d83caf6f27535c0e5e465b6219ba178ad673b0e4af517894c537dd50b7f16d3e83b3ddb7c8c268835eb9fd962902b38e51083a35d0c778aa1600349f5

  • SSDEEP

    6144:wLV6Bta6dtJmakIM5b4w9QT09e8iCp1Tz5klo:wLV6Btpmk+IIc8iCp1P5klo

Score
10/10
nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test.exe
    "C:\Users\Admin\AppData\Local\Temp\test.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:324
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
      PID:3704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/324-0-0x0000000074752000-0x0000000074753000-memory.dmp

      Filesize

      4KB

      Download

    • memory/324-1-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/324-2-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/324-4-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/324-5-0x0000000074752000-0x0000000074753000-memory.dmp

      Filesize

      4KB

      Download

    • memory/324-6-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/324-7-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/324-8-0x0000000074750000-0x0000000074D01000-memory.dmp

      Filesize

      5.7MB

      Download