Overview

overview

7

Static

static

3

MonowareNuker.exe

windows7-x64

7

MonowareNuker.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 15:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MonowareNuker.exe

  • Size

    154KB

  • MD5

    034001528822be7eb60525cef7ab58e5

  • SHA1

    bdfc7fbbd6ec947b1afc24de1f9f12c0667ee39e

  • SHA256

    f58153ad0cf5f313112e8aa72fd639724a361ebb920259f3dcbc782a14323639

  • SHA512

    b1e4f8e7213acd94bcb7b1bd620db2711f6c2aaf0ae7c4a2444c81d3cbfd44e1a832eead05067e106d8c2d7dcc031ab7d1e842c4ee3ff806e9ea0394b96e6416

  • SSDEEP

    3072:srQ9MJW6gZFbJchBuih27Xq7MTc5TU/RpALLwoj:F9XZJJchBR5gTGT2Rpcko

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MonowareNuker.exe
    "C:\Users\Admin\AppData\Local\Temp\MonowareNuker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2320 -s 1996
      2⤵
        PID:1496

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\sByte.dll
            Filesize

            39KB

            MD5

            d80d1b6d9a6d5986fa47f6f8487030e1

            SHA1

            8f5773bf9eca43b079c1766b2e9f44cc90bd9215

            SHA256

            446128f1712da8064d0197376184315cb529ed26ed9122f7b171bb208e22c0c3

            SHA512

            9fcf0105c2c9ee81c526d41633d93579bb8e2837989d77fb4a6523440415ec2d7fa46ac9ae4e55ecebd99126837817ac308cc079475de02667b21727a43d74cc

            Download Submit

          • memory/2320-0-0x0000000000AA0000-0x0000000000ACC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2320-2-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2320-1-0x0000000000340000-0x0000000000352000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2320-3-0x000000001AF30000-0x000000001AFB0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2320-7-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2320-8-0x000000001AF30000-0x000000001AFB0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2320-9-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

            Filesize

            9.9MB

            Download