Overview

overview

7

Static

static

3

NovaCleaner.exe

windows7-x64

7

NovaCleaner.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12-01-2024 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NovaCleaner.exe

  • Size

    6.6MB

  • MD5

    2e0cd344ecb257ab2f4462484a30f0e8

  • SHA1

    48cd10b9f57ff0dfec2d26258799d2f7965e8b6c

  • SHA256

    8dd1542d25974ef3a081f89875e03b51963498d598c132512f3ee89ee130c11c

  • SHA512

    488fede75c054e2bc63b35eab0cb45b24897298c88c6be19212ed38d25ebc107a8870615dee645c623ae1c823e57cf68b494cd184a2d0db69d4a1115f7f614ec

  • SSDEEP

    196608:/LX4FMIZETSwjPePdrQJ/BKavgcVqwhF5G:/bQETSwvJ0av3c0Fs

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NovaCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\NovaCleaner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Users\Admin\AppData\Local\Temp\NovaCleaner.exe
      "C:\Users\Admin\AppData\Local\Temp\NovaCleaner.exe"
      2⤵
      • Loads dropped DLL
      PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI28882\python311.dll
    Filesize

    2.8MB

    MD5

    50010a73dd3ad7c141074b80388d17f1

    SHA1

    3702340196f72da8f210bbb8033ffa98b68be0e8

    SHA256

    250a3364b2f83b84b75275cce7fdf9be665bfc1825fffde122be0a8d74cbcac3

    SHA512

    b3c894dc7f31275b1d7959a03de9eb1bf6fffa9063e7f077adad56c3dcaf34421ef244ee98ab9c90df2f59b524b6746da863f5a7b8bb4ea81c19ad008b403d9a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI28882\python311.dll
    Filesize

    2.3MB

    MD5

    e7c750491bc83b51f870d04203b3969a

    SHA1

    b4fd7ba1045d985ab0c346db9785e156243b0f15

    SHA256

    2bc00c2843b4e1bb80888c611a79f35a79bf4bc7aeab26d1fbdfecae54d5c0cb

    SHA512

    aa2628c698c04eb9af59871d9e4b7a0eeb75aa0c895df5c8b768d3bcf8d26fed363363930ce733e2f22943a854e7e5c08bbfc83bf054ab13a411c68536e5d0a8

    Download Submit

  • memory/2044-17-0x000000013F5D0000-0x000000013F628000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2044-19-0x000000013F5D0000-0x000000013F628000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2888-0-0x000000013F5D0000-0x000000013F628000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2888-34-0x000000013F5D0000-0x000000013F628000-memory.dmp

    Filesize

    352KB

    Download