Overview

overview

6

Static

static

1

nipe/.git/...sample

windows7-x64

6

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/.git/...sample

windows7-x64

3

nipe/lib/N...art.pm

windows7-x64

3

nipe/lib/N...art.pm

windows7-x64

3

nipe/lib/N...top.pm

windows7-x64

3

nipe/lib/N...ice.pm

windows7-x64

3

nipe/lib/N...per.pm

windows7-x64

3

nipe/lib/N...all.pm

windows7-x64

3

nipe/lib/N...tus.pm

windows7-x64

3

nipe/nipe.pl

windows7-x64

3

Analysis

  • max time kernel
    85s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    24-04-2023 05:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nipe/.git/hooks/pre-commit.sample

  • Size

    1KB

  • MD5

    305eadbbcd6f6d2567e033ad12aabbc4

  • SHA1

    a79d057388ee2c2fe6561d7697f1f5efcff96f23

  • SHA256

    f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a

  • SHA512

    7cfb0a58abed1915ee1b261a1c661c7e2deea4e9227f77f5875af1a25c82e19245ba12dcb2f5052d994d0e81a3465daf37f9d8c670e17f9c96742f60fdfaaa56

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nipe\.git\hooks\pre-commit.sample
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\nipe\.git\hooks\pre-commit.sample
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1600

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads