analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar |
| Full analysis: | https://app.any.run/tasks/5d338cac-04c9-4c0c-a4ff-e4e7564fd151 |
| Verdict: | Malicious activity |
| Analysis date: | January 10, 2019, 14:44:30 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-rar |
| File info: | RAR archive data, v5 |
| MD5: | B503DAE91C8591B708DE239431896A26 |
| SHA1: | 9045A05BDDF56D2A11F2E7736E742CEA90FF03B7 |
| SHA256: | 84C3D629D2C9FDB8F142172851C3B63CFAE6AED020985C06FCD838CBD4AFCCBA |
| SSDEEP: | 98304:QqCoJGzrY4vrFnMcN+i/3o0yt0RBZqo/+ylLjvjYZb1UBCFCm/IxCFPztndU7B1U:FXGz0WrFM8+KPgoGytYQB28kBztndI1U |
MALICIOUS
Application was dropped or rewritten from another process
- NanoCore.exe (PID: 3204)
Loads dropped or rewritten executable
- NanoCore.exe (PID: 3204)
SUSPICIOUS
Executable content was dropped or overwritten
- WinRAR.exe (PID: 3080)
- NanoCore.exe (PID: 3204)
Creates files in the user directory
- NanoCore.exe (PID: 3204)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .rar | | | RAR compressed archive (v5.0) (61.5) |
|---|---|---|
| .rar | | | RAR compressed archive (gen) (38.4) |
Total processes
33
Monitored processes
2
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3080 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 3204 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: NanoCore Version: 1.2.2.0 | ||||
Total events
1 156
Read events
1 048
Write events
0
Delete events
0
Modification events
Executable files
12
Suspicious files
21
Text files
345
Unknown types
7
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\network.sqlite | sqlite | |
MD5:6978532802DED7B494A7217E0CDDA8A4 | SHA256:418E070CB49CAD847066A8166C26843D8B29210963F4379B9218969415A3326A | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBrowser.ncp | binary | |
MD5:8B13FDC96AF0A84C152F5A601DCC6B06 | SHA256:997C41B05150480BCFAE9ABB3132FC807F6C6B511B810B554FDB5AEDF89F5DB0 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ClientPlugin.dll | executable | |
MD5:BDC8945F1D799C845408522E372D1DBD | SHA256:61E9D5C0727665E9EF3F328141397BE47C65ED11AB621C644B5BBF1D67138403 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\PluginCompiler.exe | executable | |
MD5:E2D1C5DF11F9573F6C5D0A7AD1A79FBF | SHA256:0B41B2FCD0F1A4E913D3EFE293F713849D59EFEBB27BAC060AB31BED51AC2F6B | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\client.bin | executable | |
MD5:906A949E34472F99BA683EFF21907231 | SHA256:9D3EA5AF7DC261BF93C76F55D702A315AA22FB241E4207DC86CD834C262245C8 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ClientPlugin.xml | xml | |
MD5:5D0381A56563B1CA8928E3CF087F1625 | SHA256:0497B92461C2A9CE3101D9397FB3079F60979164336A16653D282273D3085BCC | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\CorePlugin.ncp | binary | |
MD5:7914E7302F72D330AA5F6C5C8C26DF43 | SHA256:F66985518B1E56A04F512D110F5B79F21ED91CBCBF6BD3E17EBA3DCDFB85F9B5 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MultiCore.ncp | binary | |
MD5:BECB82E1E914E906BE158E3F9DD658AC | SHA256:5494ADF651FC64E3AA6C08E38165D8DBFEC52056CDF4FADAE90B76B0E6816A33 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\core.sqlite | sqlite | |
MD5:3732DF3263FBAA868BB866BCCA1F402C | SHA256:716D9992711B5B17ECA841836BA5A63DB0A62251BD056A92DB96DECCFA887B41 | |||
| 3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ManagementPlugin.ncp | binary | |
MD5:B612C2C9A6D361A5DB14C04BA126119C | SHA256:B86FE4E126A9748A383A34D615B9598C715F2380C0AAD957495C66923902026C | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
1
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
DNS requests
Domain | IP | Reputation |
|---|---|---|
lazyshare.net |
| unknown |
Threats
Process | Message |
|---|---|
NanoCore.exe | Trying to load native SQLite library "C:\Users\admin\AppData\Local\Temp\Rar$EXa3080.49496\NanoCore 1.2.2.0_Cracked By Alcatraz3222\x86\SQLite.Interop.dll"...
|