Overview

overview

10

Static

static

10

cd94462486...32.exe

windows7-x64

10

cd94462486...32.exe

windows10-2004-x64

10

cdb97c07f0...ca.exe

windows7-x64

1

cdb97c07f0...ca.exe

windows10-2004-x64

1

cdfbee96df...25.exe

windows7-x64

10

cdfbee96df...25.exe

windows10-2004-x64

10

ce01fc8942...b5.exe

windows7-x64

10

ce01fc8942...b5.exe

windows10-2004-x64

10

ce5340f773...6e.exe

windows7-x64

10

ce5340f773...6e.exe

windows10-2004-x64

10

ce6d4255fc...f1.exe

windows7-x64

10

ce6d4255fc...f1.exe

windows10-2004-x64

10

ce8f0a3c5b...fc.exe

windows7-x64

8

ce8f0a3c5b...fc.exe

windows10-2004-x64

8

cef4f0409d...db.exe

windows7-x64

10

cef4f0409d...db.exe

windows10-2004-x64

10

cf15609eab...81.exe

windows7-x64

9

cf15609eab...81.exe

windows10-2004-x64

9

cf3f6f6285...6e.exe

windows7-x64

10

cf3f6f6285...6e.exe

windows10-2004-x64

10

cf450b1869...e9.exe

windows7-x64

10

cf450b1869...e9.exe

windows10-2004-x64

10

cf56059ae5...a1.exe

windows7-x64

10

cf56059ae5...a1.exe

windows10-2004-x64

10

cf79ab31cc...04.exe

windows7-x64

10

cf79ab31cc...04.exe

windows10-2004-x64

10

cf8d6b1a05...68.exe

windows7-x64

10

cf8d6b1a05...68.exe

windows10-2004-x64

10

cf96c893c9...10.exe

windows7-x64

1

cf96c893c9...10.exe

windows10-2004-x64

1

cfd31bf82d...9b.exe

windows7-x64

7

cfd31bf82d...9b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce5340f77345fe52a889a5f1543f19e4764b86984973180a8fae158fa960576e.exe

  • Size

    202KB

  • MD5

    964700eb187208919c2c957d466eb775

  • SHA1

    5d241ab240f041582e6fb7ab4d4f66b11530462f

  • SHA256

    ce5340f77345fe52a889a5f1543f19e4764b86984973180a8fae158fa960576e

  • SHA512

    db68a1e7ec77d191680bee581a16756137d6ba32196f6f65b0df31aedddbc2f0c998eeafb50073c0f890393dfad61b64162373b9e05bc2eac97afc1976bce4dd

  • SSDEEP

    6144:wLV6Bta6dtJmakIM5QdbAgjDkjtgyB9bXd:wLV6Btpmk9dNjDkjtn9bt

Score
10/10
nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce5340f77345fe52a889a5f1543f19e4764b86984973180a8fae158fa960576e.exe
    "C:\Users\Admin\AppData\Local\Temp\ce5340f77345fe52a889a5f1543f19e4764b86984973180a8fae158fa960576e.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4740-0-0x0000000074EF2000-0x0000000074EF3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-1-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4740-2-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4740-5-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4740-6-0x0000000074EF2000-0x0000000074EF3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-7-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4740-8-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4740-9-0x0000000074EF0000-0x00000000754A1000-memory.dmp

    Filesize

    5.7MB

    Download