9d77d8e588704dc8694395478a4bd44727d8bae25a1ec988f593ef20f7da4adb

Analysis

max time kernel
131s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nexus v2.2.0.exe
Size

14.7MB
MD5

9d3515d804748c2291c5025d0606c647
SHA1

b88473d4d4a3c730d79e6b4200debc7c74251e45
SHA256

9d77d8e588704dc8694395478a4bd44727d8bae25a1ec988f593ef20f7da4adb
SHA512

5deb96e8da3cb2185df05f638d7ad4a42f4f92aff5efcfd177693a67a316b17678b165d7d3f7aa5b1800554d5dd39ce6f186b26956358ec9b9a7861ae2f50b87
SSDEEP

393216:lo9GKTGAdRi7p9nGistTgOmeX3dnCLRhr7hb0oHtE/BBsc:lOdTGAL+bLA+e9nC9hrhRtEPsc

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000016c90-22.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2208	Nexus v2.2.0.tmp

Loads dropped DLL 7 IoCs

pid	Process
2744	Nexus v2.2.0.exe
2208	Nexus v2.2.0.tmp
2208	Nexus v2.2.0.tmp
2208	Nexus v2.2.0.tmp
2208	Nexus v2.2.0.tmp
2208	Nexus v2.2.0.tmp
2208	Nexus v2.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	Nexus v2.2.0.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	Nexus v2.2.0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28
PID 2744 wrote to memory of 2208	2744	Nexus v2.2.0.exe	28

C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Users\Admin\AppData\Local\Temp\is-JT1TI.tmp\Nexus v2.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-JT1TI.tmp\Nexus v2.2.0.tmp" /SL5="$7011E,15020542,53248,C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-85T2M.tmp\BASS.dll

Filesize
96KB

MD5
286d9b79aae13b0b8eec19eff6e112c5

SHA1
72dabedbf90ea9cb7cdad6bfcf4bb34f0dcce41e

SHA256
61813f57a29d7f29467f1dd1c96eebea84e5f51b0b0e74e5f6f905edd6c48aed

SHA512
7d223805d9624a4120d141cec112c0b93909b880521e27a9f8a4a351d9866d6b2e655067fb163be1ca3e7d60b29582cd7879b8ad85eb0f6221bccf60da3fb735

Download Submit
\Users\Admin\AppData\Local\Temp\is-85T2M.tmp\WaterLib.dll

Filesize
120KB

MD5
7aaf9f850b21512678623a9206f572a3

SHA1
1b13e31efa4b32e368010e6a4d02436373220279

SHA256
ad46a43f535d647ab6ed9a8badcee1eff3497e45348844be327f505905b66e2b

SHA512
af2e2fe324928da0c9d59fa9f20bc5614ffe414b5d460296c81452acd0952ee523b75e6a7163c35a52b5b7e134739736331297da6e466d64edf3785222f7ab9d

Download Submit
\Users\Admin\AppData\Local\Temp\is-85T2M.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-85T2M.tmp\isskin.dll

Filesize
363KB

MD5
b31ad1bacfd7c51f35e052b8c7047d44

SHA1
ba58ae4a4a28cd2a4c2a7b85d260e105fa6e79de

SHA256
117ae53cf3e8bc95e6297a15d8365efd792da04df90744d4e244bbf72075ccc3

SHA512
2a4c0d3f7065a9272bd70e8fd121e80d9c4e3d9089285841b245790f4789704c27cb88333ddbf3bbecbc26af926b7ffd7a722352c7f418c84a9087cb1a748368

Download Submit
\Users\Admin\AppData\Local\Temp\is-85T2M.tmp\skin.cjstyles

Filesize
2.0MB

MD5
31e3fe928c4524cbc648205296e600e9

SHA1
593e056da172480921dff41adfd08bd224b2baec

SHA256
268b637662ddf5ea58ae7a531a075dc71076f1093b6f9e68a0c1db8f79ca4349

SHA512
10569aade996407d3b749eb35bc961f827a5c90c158bceea89f4344c6d57aaf33c9831b52e71ba32171c725928b636cfc5a5e86b839185efe7ec97cfa0597b0e

Download Submit
\Users\Admin\AppData\Local\Temp\is-JT1TI.tmp\Nexus v2.2.0.tmp

Filesize
669KB

MD5
df378ec3751fa0b4815a15b0a7bf365b

SHA1
37bc361f0ed1c94033a49cb8c4a3880c72b3d74e

SHA256
c9015443a8680296828834326dcdc982c8ed8f6ec6c69f219cac39c3e94b8798

SHA512
515c372ae640d797d66553cd6930ead79466a9176ec338fe7e6f5383d77b92c378ba83092828b81c62885a3895dbc084e1cfb0b1cf949eeacf36a35aa91b3925

Download Submit
memory/2208-91-0x0000000074BD0000-0x0000000074C5C000-memory.dmp

Filesize
560KB

Download
memory/2208-256-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2208-29-0x0000000075E40000-0x0000000075EE0000-memory.dmp

Filesize
640KB

Download
memory/2208-30-0x0000000077190000-0x000000007721F000-memory.dmp

Filesize
572KB

Download
memory/2208-31-0x0000000075760000-0x00000000758BC000-memory.dmp

Filesize
1.4MB

Download
memory/2208-92-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-33-0x00000000760F0000-0x0000000076D3A000-memory.dmp

Filesize
12.3MB

Download
memory/2208-36-0x0000000077220000-0x000000007724A000-memory.dmp

Filesize
168KB

Download
memory/2208-35-0x0000000074BD0000-0x0000000074C5C000-memory.dmp

Filesize
560KB

Download
memory/2208-42-0x0000000074FF0000-0x0000000074FF9000-memory.dmp

Filesize
36KB

Download
memory/2208-41-0x0000000075760000-0x00000000758BC000-memory.dmp

Filesize
1.4MB

Download
memory/2208-44-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-43-0x0000000074E30000-0x0000000074FCE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-40-0x0000000077190000-0x000000007721F000-memory.dmp

Filesize
572KB

Download
memory/2208-45-0x00000000760F0000-0x0000000076D3A000-memory.dmp

Filesize
12.3MB

Download
memory/2208-39-0x0000000075E40000-0x0000000075EE0000-memory.dmp

Filesize
640KB

Download
memory/2208-52-0x0000000075620000-0x00000000756BD000-memory.dmp

Filesize
628KB

Download
memory/2208-51-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-53-0x0000000075E40000-0x0000000075EE0000-memory.dmp

Filesize
640KB

Download
memory/2208-55-0x0000000074D90000-0x0000000074DA2000-memory.dmp

Filesize
72KB

Download
memory/2208-56-0x0000000074E30000-0x0000000074FCE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-57-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-61-0x0000000076060000-0x00000000760E3000-memory.dmp

Filesize
524KB

Download
memory/2208-64-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-68-0x0000000074E30000-0x0000000074FCE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-71-0x0000000076060000-0x00000000760E3000-memory.dmp

Filesize
524KB

Download
memory/2208-73-0x0000000074B90000-0x0000000074BC2000-memory.dmp

Filesize
200KB

Download
memory/2208-74-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-77-0x0000000077190000-0x000000007721F000-memory.dmp

Filesize
572KB

Download
memory/2208-81-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-82-0x0000000075BB0000-0x0000000075C2B000-memory.dmp

Filesize
492KB

Download
memory/2208-88-0x0000000074B90000-0x0000000074BC2000-memory.dmp

Filesize
200KB

Download
memory/2208-24-0x0000000004DD0000-0x0000000004E25000-memory.dmp

Filesize
340KB

Download
memory/2208-95-0x0000000074E30000-0x0000000074FCE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-94-0x0000000074D90000-0x0000000074DA2000-memory.dmp

Filesize
72KB

Download
memory/2208-93-0x0000000077190000-0x000000007721F000-memory.dmp

Filesize
572KB

Download
memory/2208-32-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-28-0x0000000075620000-0x00000000756BD000-memory.dmp

Filesize
628KB

Download
memory/2208-85-0x0000000075050000-0x0000000075063000-memory.dmp

Filesize
76KB

Download
memory/2208-87-0x0000000074BD0000-0x0000000074C5C000-memory.dmp

Filesize
560KB

Download
memory/2208-86-0x0000000076060000-0x00000000760E3000-memory.dmp

Filesize
524KB

Download
memory/2208-89-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-80-0x0000000074E30000-0x0000000074FCE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-79-0x0000000074FF0000-0x0000000074FF9000-memory.dmp

Filesize
36KB

Download
memory/2208-78-0x0000000074D90000-0x0000000074DA2000-memory.dmp

Filesize
72KB

Download
memory/2208-76-0x0000000075E40000-0x0000000075EE0000-memory.dmp

Filesize
640KB

Download
memory/2208-75-0x0000000075620000-0x00000000756BD000-memory.dmp

Filesize
628KB

Download
memory/2208-72-0x0000000074BD0000-0x0000000074C5C000-memory.dmp

Filesize
560KB

Download
memory/2208-69-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-67-0x0000000074FF0000-0x0000000074FF9000-memory.dmp

Filesize
36KB

Download
memory/2208-66-0x0000000074D90000-0x0000000074DA2000-memory.dmp

Filesize
72KB

Download
memory/2208-65-0x0000000075E40000-0x0000000075EE0000-memory.dmp

Filesize
640KB

Download
memory/2208-63-0x0000000074B90000-0x0000000074BC2000-memory.dmp

Filesize
200KB

Download
memory/2208-62-0x0000000074BD0000-0x0000000074C5C000-memory.dmp

Filesize
560KB

Download
memory/2208-60-0x0000000075050000-0x0000000075063000-memory.dmp

Filesize
76KB

Download
memory/2208-58-0x0000000075BB0000-0x0000000075C2B000-memory.dmp

Filesize
492KB

Download
memory/2208-54-0x0000000077190000-0x000000007721F000-memory.dmp

Filesize
572KB

Download
memory/2208-50-0x0000000074B90000-0x0000000074BC2000-memory.dmp

Filesize
200KB

Download
memory/2208-49-0x0000000076060000-0x00000000760E3000-memory.dmp

Filesize
524KB

Download
memory/2208-46-0x0000000075BB0000-0x0000000075C2B000-memory.dmp

Filesize
492KB

Download
memory/2208-38-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/2208-37-0x0000000074B90000-0x0000000074BC2000-memory.dmp

Filesize
200KB

Download
memory/2208-34-0x0000000074C60000-0x0000000074D7C000-memory.dmp

Filesize
1.1MB

Download
memory/2208-237-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/2208-238-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/2208-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2208-249-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2208-259-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/2208-258-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/2208-90-0x00000000758F0000-0x0000000075947000-memory.dmp

Filesize
348KB

Download
memory/2208-257-0x0000000004DD0000-0x0000000004E25000-memory.dmp

Filesize
340KB

Download
memory/2744-255-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2744-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download