208673224933c0afac03ed353d00261e836d96395eef6f4910770c5e471333ec

Analysis

max time kernel
1500s
max time network
1173s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nexx Private V2/build/main/main.pkg
Size

4.9MB
MD5

93f11d8c3c4a326b164a28f74a225217
SHA1

0c43283b5f37193226d07b74144fb3919c5d88f9
SHA256

a667ebf5ca3e2464603d14175c01a158bfcdb2c814cf37ef730111a268ea7b10
SHA512

b6efc1f87b10de36c64b7e03299154d6b59228c8d4de42558e657320920bb25aadb48c51496d3fc819a5fe0699f0443628ea5e1cb42c7fe16eca0f52ffb1d0d3
SSDEEP

98304:F3epzb71QGQCPDbZfHayCb7BJ5mjwNwwMeZYobSr+RO1y2JL:FsdQmRfaycBIGpEog1yqL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4500	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nexx Private V2\build\main\main.pkg"
1⤵
- Modifies registry class
PID:2628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4740

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
2c8f4864dc3a48c73c8cc1faedfd91e9

SHA1
ed98dec03f52b5e2732c8a2699cad75ed27ace9d

SHA256
d5d9166845d209696aa10a120d116342a2764bb77fda4cbb1eddac1b05b0e279

SHA512
7315f689c50630b580ceb5ef5acd979c8038fb39564c00acbdbfa23f7917cc6bd513c73ee8977018824a5b9b3d66cb86995878d2a3dcb085c783c325f921ad30

Download Submit
memory/4500-40-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-42-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-33-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-34-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-35-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-36-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-37-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-38-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-39-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-43-0x000001CEE8F40000-0x000001CEE8F41000-memory.dmp

Filesize
4KB

Download
memory/4500-32-0x000001CEE92F0000-0x000001CEE92F1000-memory.dmp

Filesize
4KB

Download
memory/4500-41-0x000001CEE9310000-0x000001CEE9311000-memory.dmp

Filesize
4KB

Download
memory/4500-0-0x000001CEE0C40000-0x000001CEE0C50000-memory.dmp

Filesize
64KB

Download
memory/4500-44-0x000001CEE8F30000-0x000001CEE8F31000-memory.dmp

Filesize
4KB

Download
memory/4500-46-0x000001CEE8F40000-0x000001CEE8F41000-memory.dmp

Filesize
4KB

Download
memory/4500-49-0x000001CEE8F30000-0x000001CEE8F31000-memory.dmp

Filesize
4KB

Download
memory/4500-52-0x000001CEE8E70000-0x000001CEE8E71000-memory.dmp

Filesize
4KB

Download
memory/4500-16-0x000001CEE0D40000-0x000001CEE0D50000-memory.dmp

Filesize
64KB

Download
memory/4500-64-0x000001CEE9070000-0x000001CEE9071000-memory.dmp

Filesize
4KB

Download
memory/4500-66-0x000001CEE9080000-0x000001CEE9081000-memory.dmp

Filesize
4KB

Download
memory/4500-67-0x000001CEE9080000-0x000001CEE9081000-memory.dmp

Filesize
4KB

Download
memory/4500-68-0x000001CEE9190000-0x000001CEE9191000-memory.dmp

Filesize
4KB

Download