Overview

Static analysis score: 10

Tasks (score, sample as listed, platform):
10  14-11-2023...1D.rar    windows10-1703-x64
3   AveryNuker...DME.md    windows10-1703-x64
3   AveryNuker...IS.bat    windows10-1703-x64
10  AveryNuker...ry.exe    windows10-1703-x64
7   avery.pyc              windows10-1703-x64
3   AveryNuker...ls.txt    windows10-1703-x64
1   AveryNuker...rs.txt    windows10-1703-x64
1   AveryNuker...es.txt    windows10-1703-x64
1   AveryNuker...ry.exe    windows10-1703-x64
10  AveryNuker...ery.py    windows10-1703-x64
Analysis (score 3)

max time kernel:  315s
max time network: 1614s
platform:         windows10-1703_x64
resource:         win10-20231020-en
resource tags:    arch:x64, arch:x86, image:win10-20231020-en, locale:en-us, os:windows10-1703-x64, system
submitted:        14-11-2023 09:38
Behavioral tasks

Task          Sample                                  Resource
behavioral1   14-11-2023_VUBSUFEkriWDh1D.rar          win10-20231023-en
behavioral2   AveryNuker-main/README.md               win10-20231020-en
behavioral3   AveryNuker-main/RUN THIS.bat            win10-20231020-en
behavioral4   AveryNuker-main/Scraped/avery.exe       win10-20231020-en
behavioral5   avery.pyc                               win10-20231020-en
behavioral6   AveryNuker-main/Scraped/channels.txt    win10-20231023-en
behavioral7   AveryNuker-main/Scraped/members.txt     win10-20231020-en
behavioral8   AveryNuker-main/Scraped/roles.txt       win10-20231020-en
behavioral9   AveryNuker-main/avery.exe               win10-20231025-en
behavioral10  AveryNuker-main/avery.py                win10-20231023-en
General

Target:  AveryNuker-main/README.md
Size:    509B
MD5:     8c4cc448b17e491a5063c6d4933f34e8
SHA1:    773b60c9ce1ef5c67e8d73c81690c62ac30a63df
SHA256:  09b8d1616b1abe73c3f610424158555c08858063a25564fe7beb774036dfe91d
SHA512:  e3c2b572d79638852ec16e8c86e0c81328533d333a1b89b5ab81681097a77a9eadd632fefd62d15f63033bcd99223874d49ba6aecf1ccf6e0297f16f44bb24d0
Malware Config

(none extracted)

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (2 IoCs)
  Processes: OpenWith.exe, cmd.exe

  description  ioc                                                                                  process
  Key created  \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings  OpenWith.exe
  Key created  \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings  cmd.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe

  pid   process
  1080  OpenWith.exe