Overview
overview
10Static
static
1014-11-2023...1D.rar
windows10-1703-x64
3AveryNuker...DME.md
windows10-1703-x64
3AveryNuker...IS.bat
windows10-1703-x64
10AveryNuker...ry.exe
windows10-1703-x64
7avery.pyc
windows10-1703-x64
3AveryNuker...ls.txt
windows10-1703-x64
1AveryNuker...rs.txt
windows10-1703-x64
1AveryNuker...es.txt
windows10-1703-x64
1AveryNuker...ry.exe
windows10-1703-x64
10AveryNuker...ery.py
windows10-1703-x64
3Analysis
-
max time kernel
314s -
max time network
1612s -
platform
windows10-1703_x64 -
resource
win10-20231023-en -
resource tags
arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system -
submitted
14-11-2023 09:38
Behavioral task
behavioral1
Sample
14-11-2023_VUBSUFEkriWDh1D.rar
Resource
win10-20231023-en
Behavioral task
behavioral2
Sample
AveryNuker-main/README.md
Resource
win10-20231020-en
Behavioral task
behavioral3
Sample
AveryNuker-main/RUN THIS.bat
Resource
win10-20231020-en
Behavioral task
behavioral4
Sample
AveryNuker-main/Scraped/avery.exe
Resource
win10-20231020-en
Behavioral task
behavioral5
Sample
avery.pyc
Resource
win10-20231020-en
Behavioral task
behavioral6
Sample
AveryNuker-main/Scraped/channels.txt
Resource
win10-20231023-en
Behavioral task
behavioral7
Sample
AveryNuker-main/Scraped/members.txt
Resource
win10-20231020-en
Behavioral task
behavioral8
Sample
AveryNuker-main/Scraped/roles.txt
Resource
win10-20231020-en
Behavioral task
behavioral9
Sample
AveryNuker-main/avery.exe
Resource
win10-20231025-en
Behavioral task
behavioral10
Sample
AveryNuker-main/avery.py
Resource
win10-20231023-en
General
-
Target
14-11-2023_VUBSUFEkriWDh1D.rar
-
Size
11.6MB
-
MD5
4be2e7f28c6fd64cee77c73f46359548
-
SHA1
327a78d1f0b87418d612c656592b7d5b57d260d3
-
SHA256
ba21c2f23d365ac2809dac09e2b41c2b345d17bef526ad6623b6920ea28dc61b
-
SHA512
243bdf001ec81fcfb23c22806be8e12cf273053aeb62a10c2051f3c2943c8e35d687bca1d0e5f0a2335a96666d928ed6c3cf1e0063b70d9e4f7a6bb9c0ff9191
-
SSDEEP
196608:L1ePaxxQJH2eFEdbHBhg2Xkb/8tz6GSh41KTx6G981T2JV15sjl+oBnlTyZW+mrn:LgPmeN6AjE6GSCKNL15gllnMPoEfENAq
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 1316 OpenWith.exe