81ac71909750b1ba2225c173ea99f56d6e237aeb70b45212ac757e265c25ea6f

Analysis

Target

DEEM Nuker.exe
Size

8.4MB
MD5

6ac5e900c2c60346ba401e014345d7f8
SHA1

616a611d59cc5d443991303e26136e0a44926ff5
SHA256

81ac71909750b1ba2225c173ea99f56d6e237aeb70b45212ac757e265c25ea6f
SHA512

cdc464f971218459a7878f75e758d8886032d58b9b72dd27b7cba3fe760771358e8d35092ce83b6f54ea88c5a0105d24344e70acaa718713e6e35eae4692a251

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

DEEM Nuker.exe

pid process

1304 DEEM Nuker.exe

pid	process
1304	DEEM Nuker.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

DEEM Nuker.exe

description	pid	process	target process
PID 984 wrote to memory of 1304	984	DEEM Nuker.exe	DEEM Nuker.exe
PID 984 wrote to memory of 1304	984	DEEM Nuker.exe	DEEM Nuker.exe
PID 984 wrote to memory of 1304	984	DEEM Nuker.exe	DEEM Nuker.exe

C:\Users\Admin\AppData\Local\Temp\DEEM Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\DEEM Nuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:984

C:\Users\Admin\AppData\Local\Temp\DEEM Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\DEEM Nuker.exe"
2⤵
- Loads dropped DLL
PID:1304

C:\Users\Admin\AppData\Local\Temp\_MEI9842\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9842\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
memory/1304-55-0x0000000000000000-mapping.dmp

Download