nanocore | fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e

Analysis

max time kernel
96s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e.exe
Size

3.7MB
MD5

3d43a6bc516ead23366722de85f2d29e
SHA1

7def8c22d6f6648294eb579b4f42453c16ad9587
SHA256

fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e
SHA512

a792e9e496fb0b04ee1ced566481dbbb0c44373d6b79dc4470261f103fbeba1d21bc3f4ee270e965d43240237bafa42604c1fb1251267dc6dcfaad6a29eb74c8
SSDEEP

98304:J03GZpn+8vcAAWrX+ndJAOscZ3/hMZMI0JfVy:J0Wrc6OnsOscZGf0J

Score

10^/10

nanocore discovery keylogger spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e.exe

C:\Users\Admin\AppData\Local\Temp\fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e.exe
"C:\Users\Admin\AppData\Local\Temp\fc852a6d9cf7897876a229a49827a63366c5e78a20c6d156b0f2b9f7f766148e.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4252-0-0x0000000074980000-0x0000000074F31000-memory.dmp

Filesize
5.7MB

Download
memory/4252-1-0x00000000048E0000-0x00000000049F7000-memory.dmp

Filesize
1.1MB

Download
memory/4252-2-0x00000000048E0000-0x00000000049F7000-memory.dmp

Filesize
1.1MB

Download
memory/4252-3-0x00000000048E0000-0x00000000049F7000-memory.dmp

Filesize
1.1MB

Download
memory/4252-25-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/4252-10-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4252-44-0x0000000074982000-0x0000000074983000-memory.dmp

Filesize
4KB

Download
memory/4252-43-0x0000000006DF0000-0x0000000006DF1000-memory.dmp

Filesize
4KB

Download
memory/4252-42-0x0000000006DC0000-0x0000000006DC1000-memory.dmp

Filesize
4KB

Download
memory/4252-41-0x0000000006DE0000-0x0000000006DE1000-memory.dmp

Filesize
4KB

Download
memory/4252-40-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/4252-39-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/4252-38-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/4252-37-0x0000000006E80000-0x0000000006E81000-memory.dmp

Filesize
4KB

Download
memory/4252-36-0x0000000006ED0000-0x0000000006ED1000-memory.dmp

Filesize
4KB

Download
memory/4252-35-0x0000000006EC0000-0x0000000006EC1000-memory.dmp

Filesize
4KB

Download
memory/4252-50-0x0000000009E70000-0x0000000009E94000-memory.dmp

Filesize
144KB

Download
memory/4252-47-0x0000000009E70000-0x0000000009E94000-memory.dmp

Filesize
144KB

Download
memory/4252-55-0x0000000074980000-0x0000000074F31000-memory.dmp

Filesize
5.7MB

Download
memory/4252-45-0x0000000009E70000-0x0000000009E94000-memory.dmp

Filesize
144KB

Download
memory/4252-34-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/4252-33-0x0000000006E20000-0x0000000006E21000-memory.dmp

Filesize
4KB

Download
memory/4252-32-0x0000000006D60000-0x0000000006D61000-memory.dmp

Filesize
4KB

Download
memory/4252-31-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/4252-30-0x0000000077A72000-0x0000000077A73000-memory.dmp

Filesize
4KB

Download
memory/4252-29-0x0000000006EB0000-0x0000000006EB1000-memory.dmp

Filesize
4KB

Download
memory/4252-22-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/4252-19-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/4252-16-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/4252-14-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/4252-4-0x00000000048E0000-0x00000000049F7000-memory.dmp

Filesize
1.1MB

Download
memory/4252-56-0x0000000074980000-0x0000000074F31000-memory.dmp

Filesize
5.7MB

Download
memory/4252-57-0x0000000074980000-0x0000000074F31000-memory.dmp

Filesize
5.7MB

Download
memory/4252-70-0x00000000048E0000-0x00000000049F7000-memory.dmp

Filesize
1.1MB

Download
memory/4252-71-0x0000000074980000-0x0000000074F31000-memory.dmp

Filesize
5.7MB

Download