Overview

overview

8

Static

static

nis_full.exe

windows10-1703-x64

8

nis_full.exe

windows7-x64

8

nis_full.exe

windows10-2004-x64

8

nis_full.exe

android-10-x64

nis_full.exe

android-11-x64

nis_full.exe

android-9-x86

nis_full.exe

macos-10.15-amd64

1

nis_full.exe

debian-9-armhf

nis_full.exe

debian-9-mips

nis_full.exe

debian-9-mipsel

nis_full.exe

ubuntu-18.04-amd64

Analysis

  • max time kernel
    366s
  • max time network
    858s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/01/2023, 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nis_full.exe

  • Size

    1.6MB

  • MD5

    99dd4797f8ef652df680e387b662ef5e

  • SHA1

    12dfbedba2d3144392cd709991429c5342726a72

  • SHA256

    ce48b8ed76bcf4440ed4691d0f2009d25f8af5b1338ac92b9251e168af110154

  • SHA512

    2417f0e97fea413505fea112b6b4af350bed18234866aeb1cc17b414fe788295c5cb2d2a3f5f12f50bfe1729ccc370d0f9686a7cdb7c129c4faf6a8b8802955a

  • SSDEEP

    49152:IjZgdnV8OHZGqNg66uVjhzbAfWt2evyNs:ImHZK/y93ke

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\nis_full.exe
    "C:\Users\Admin\AppData\Local\Temp\nis_full.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Users\Admin\AppData\Local\Temp\{951B51EE-63BB-4ED0-BCD0-35B8C4759621}\mpsigstub.exe
      C:\Users\Admin\AppData\Local\Temp\{951B51EE-63BB-4ED0-BCD0-35B8C4759621}\mpsigstub.exe /stub 1.1.14500.5 /payload 119.0.0.0 /program C:\Users\Admin\AppData\Local\Temp\nis_full.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{951B51EE-63BB-4ED0-BCD0-35B8C4759621}\mpsigstub.exe
    Filesize

    535KB

    MD5

    38d39de143de95b58244bbfbad1cf372

    SHA1

    a92fa1376c528b0a06f18b1166ced0ab9b9d3d11

    SHA256

    0bb339c22fb53e6bc8f8475590d8549f5432f45cf61337db15d0d2ff552324bb

    SHA512

    00e417d81fa3c9449d29c5f7f46c8ec85617b473a6929848f9dedc663f7e37e1cda1be840564d06611b1af4096cfc468c62ec7b8a5eb376277214af513055220

    Download Submit