Overview

overview

1

Static

static

1

Nursultan.exe

windows7-x64

1

Nursultan.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2023, 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nursultan.exe

  • Size

    16.1MB

  • MD5

    a5cc05b66da4e5e57d58f2b2f824d604

  • SHA1

    e07f2dd92ac860155aa34b31b71a297a701fa3f6

  • SHA256

    ee6a2c52855f25d00b87f8b36fed5a42031aa03f2dd69e8d8bb1b15da89072ef

  • SHA512

    3b540e4e43e2ee56e866ddafe89713bf719c591500324ef4a39b7e1369ac684d4277df13359cc70cc410bd1673dd28851eb6cdad8e8d453fcb8adfb038b8c20e

  • SSDEEP

    393216:ZncZ9YvMQRVbjUU+5+NBoTRdDzWjWl2xEIYYOok:ZXMwVb3+5+Xo1dva9FYYFk

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nursultan.exe
    "C:\Users\Admin\AppData\Local\Temp\Nursultan.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1432-0-0x00007FFB7CDD0000-0x00007FFB7CDD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1432-2-0x0000000140000000-0x0000000141E3A000-memory.dmp

    Filesize

    30.2MB

    Download

  • memory/1432-1-0x0000000140000000-0x0000000141E3A000-memory.dmp

    Filesize

    30.2MB

    Download

  • memory/1432-6-0x0000000140000000-0x0000000141E3A000-memory.dmp

    Filesize

    30.2MB

    Download