Analysis
- max time kernel: 315s
- max time network: 1617s
- platform: windows10-1703_x64
- resource: win10-20231020-en
- resource tags: arch:x64, arch:x86, image:win10-20231020-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 14-11-2023 09:38
Behavioral tasks
- behavioral1: sample 14-11-2023_VUBSUFEkriWDh1D.rar, resource win10-20231023-en
- behavioral2: sample AveryNuker-main/README.md, resource win10-20231020-en
- behavioral3: sample AveryNuker-main/RUN THIS.bat, resource win10-20231020-en
- behavioral4: sample AveryNuker-main/Scraped/avery.exe, resource win10-20231020-en
- behavioral5: sample avery.pyc, resource win10-20231020-en
- behavioral6: sample AveryNuker-main/Scraped/channels.txt, resource win10-20231023-en
- behavioral7: sample AveryNuker-main/Scraped/members.txt, resource win10-20231020-en
- behavioral8: sample AveryNuker-main/Scraped/roles.txt, resource win10-20231020-en
- behavioral9: sample AveryNuker-main/avery.exe, resource win10-20231025-en
- behavioral10: sample AveryNuker-main/avery.py, resource win10-20231023-en
General
- Target: avery.pyc
- Size: 24KB
- MD5: 721d94f7c25e4f62de411a739ae1633b
- SHA1: 59e9639c597c7134c28bc42420a56d440ce38185
- SHA256: 9f85bf1bca3fd5687f9873a56d39732be8616982878f0b3908ee85aa0955aadf
- SHA512: 806bfe0ff5ae7ad808c9ef67ef5ee35a58fa7fe5844591791434c326e198037864c562a5817048fbb62b43374220383d3b25cc5bd9ddfb52456378133534a9fe
- SSDEEP: 768:go61VcV5OPr9gSUVojeX8eZp9hzSsHWji+NvUmpzhlN:l61j9PioCrDzSsHV+hUGlN
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: OpenWith.exe, cmd.exe
  Key created: \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings (process: OpenWith.exe)
  Key created: \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings (process: cmd.exe)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  PID 4676 (process: OpenWith.exe)