22a6eb0862594b96fd3b3f9345f40d9e51e0514ca79729e01454e0f4586961ca

Analysis

Target

Hackz Nuker.exe
Size

10.2MB
MD5

9c4946a5517669a8c2c1831abfafcec0
SHA1

e5fd6691b6df0dbc99078afe907a23690667c9c1
SHA256

22a6eb0862594b96fd3b3f9345f40d9e51e0514ca79729e01454e0f4586961ca
SHA512

e4a26051ee6515c4bc8528dde5906c307aac5dcf2312344b3bffbbac0c02a6be9aee8953cd33e4ac0f1d43a58c69e14e7957b162d0c10b424639c5e2dac41010

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

Hackz Nuker.exe

pid process

1768 Hackz Nuker.exe

pid	process
1768	Hackz Nuker.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Hackz Nuker.exe

description	pid	process	target process
PID 1076 wrote to memory of 1768	1076	Hackz Nuker.exe	Hackz Nuker.exe
PID 1076 wrote to memory of 1768	1076	Hackz Nuker.exe	Hackz Nuker.exe
PID 1076 wrote to memory of 1768	1076	Hackz Nuker.exe	Hackz Nuker.exe

C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1076

C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"
2⤵
- Loads dropped DLL
PID:1768

C:\Users\Admin\AppData\Local\Temp\_MEI10762\python39.dll
MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10762\python39.dll
MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
memory/1768-60-0x0000000000000000-mapping.dmp

Download