Analysis
-
max time kernel
120s
-
max time network
123s
-
platform
windows7_x64
-
resource
win7-en-20211014
-
submitted
22-10-2021 00:15
Static task
static1
Behavioral task
behavioral1
Sample
DEEM Nuker.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
DEEM Nuker.exe
Resource
win10-en-20211014
General
-
Target
DEEM Nuker.exe
-
Size
8.4MB
-
MD5
6ac5e900c2c60346ba401e014345d7f8
-
SHA1
616a611d59cc5d443991303e26136e0a44926ff5
-
SHA256
81ac71909750b1ba2225c173ea99f56d6e237aeb70b45212ac757e265c25ea6f
-
SHA512
cdc464f971218459a7878f75e758d8886032d58b9b72dd27b7cba3fe760771358e8d35092ce83b6f54ea88c5a0105d24344e70acaa718713e6e35eae4692a251
Malware Config
Signatures
-
Loads dropped DLL
1 IoCs
Processes:
DEEM Nuker.exe
pid | process
1304 | DEEM Nuker.exe
-
Suspicious use of WriteProcessMemory
3 IoCs
Processes:
DEEM Nuker.exe
description | pid | process | target process
PID 984 wrote to memory of 1304 | 984 | DEEM Nuker.exe | DEEM Nuker.exe
PID 984 wrote to memory of 1304 | 984 | DEEM Nuker.exe | DEEM Nuker.exe
PID 984 wrote to memory of 1304 | 984 | DEEM Nuker.exe | DEEM Nuker.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI9842\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238
SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
\Users\Admin\AppData\Local\Temp\_MEI9842\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238
SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
memory/1304-55-0x0000000000000000-mapping.dmp