Overview

overview

10

Static

static

10

Sena.exe

windows7-x64

10

Sena.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    30s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-06-2024 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sena.exe

  • Size

    661KB

  • MD5

    c4cbee0a201dbd8a73d4cbf3a2cda032

  • SHA1

    1c47fb6372bf468386dc4296b7d4848653ac6586

  • SHA256

    6692ae7b22a57bff5df25a90c397e5c1251f1749545bf194026e72dd991d371c

  • SHA512

    ed4507ffbde0cc4fd47652b5b56d7caba761c7d759a0987c11f5cd080b84b233d0bdbfb250890c23a592e3932097e95158f06251b6ac9061608e7a9d130b545a

  • SSDEEP

    12288:DLV6BtpmkZPhWK3toMN4gatGC3yLx8NKMH1eyJ2ar9aJUPjsYntSZ6:nApf7fItk1MVeyNr9+Kj7A

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sena.exe
    "C:\Users\Admin\AppData\Local\Temp\Sena.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/916-0-0x00000000750F2000-0x00000000750F3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/916-1-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/916-2-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/916-5-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/916-6-0x00000000750F2000-0x00000000750F3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/916-7-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/916-8-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download