Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 22-10-2021 07:26
Static task: static1
Behavioral task: behavioral1
- Sample: AveryNuker/AveryNuker.exe
- Resource: win7-en-20210920
General
- Target: AveryNuker/AveryNuker.exe
- Size: 12.0MB
- MD5: 24872cd671d2f790c51567cb2f5102be
- SHA1: e8b03b5ac222e382af70d31c839f97510e2cd277
- SHA256: 60dd8814d409e4ce28bf068df0982a3ab82549f40589da218af79a47be93078c
- SHA512: e8e3967ca8d47f05cf4bb21afed0ca8a48dee51e9a40648c61327e5bd0d4f5a09e53bc4a03780a3f636497c8de8505f851f9f0bcb755f0a3ddf1dafa43a8a078
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes:
  - PID 876: AveryNuker.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | source PID, process | target process):
  - PID 796 wrote to memory of 876 | 796 AveryNuker.exe | AveryNuker.exe
  - PID 796 wrote to memory of 876 | 796 AveryNuker.exe | AveryNuker.exe
  - PID 796 wrote to memory of 876 | 796 AveryNuker.exe | AveryNuker.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\AveryNuker\AveryNuker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\AveryNuker\AveryNuker.exe"
  - Suspicious use of WriteProcessMemory
  - [2] (child of [1]) C:\Users\Admin\AppData\Local\Temp\AveryNuker\AveryNuker.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\AveryNuker\AveryNuker.exe"
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI7962\python39.dll
  - MD5: 64fde73c54618af1854a51db302192fe
  - SHA1: c5580dcea411bfed2d969551e8089aab8285a1d8
  - SHA256: d44753fe884b228da36acb17c879b500aeb0225a38fb7ca142fb046c60b22204
  - SHA512: a7d368301a27ee07a542e45e9ad27683707979fb198b887b66b523609f69e3327d4b77b7edc988c73a4fe26c44bff3abfcd032a991cd730fd8e0de2dad2e3a06
- \Users\Admin\AppData\Local\Temp\_MEI7962\python39.dll
  - MD5: 64fde73c54618af1854a51db302192fe
  - SHA1: c5580dcea411bfed2d969551e8089aab8285a1d8
  - SHA256: d44753fe884b228da36acb17c879b500aeb0225a38fb7ca142fb046c60b22204
  - SHA512: a7d368301a27ee07a542e45e9ad27683707979fb198b887b66b523609f69e3327d4b77b7edc988c73a4fe26c44bff3abfcd032a991cd730fd8e0de2dad2e3a06
- memory/876-54-0x0000000000000000-mapping.dmp