9d77d8e588704dc8694395478a4bd44727d8bae25a1ec988f593ef20f7da4adb

Analysis

max time kernel
16s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nexus v2.2.0.exe
Size

14.7MB
MD5

9d3515d804748c2291c5025d0606c647
SHA1

b88473d4d4a3c730d79e6b4200debc7c74251e45
SHA256

9d77d8e588704dc8694395478a4bd44727d8bae25a1ec988f593ef20f7da4adb
SHA512

5deb96e8da3cb2185df05f638d7ad4a42f4f92aff5efcfd177693a67a316b17678b165d7d3f7aa5b1800554d5dd39ce6f186b26956358ec9b9a7861ae2f50b87
SSDEEP

393216:lo9GKTGAdRi7p9nGistTgOmeX3dnCLRhr7hb0oHtE/BBsc:lOdTGAL+bLA+e9nC9hrhRtEPsc

Score

7^/10

discovery

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0006000000023220-21.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
4700	Nexus v2.2.0.tmp

Loads dropped DLL 6 IoCs

pid	Process
4700	Nexus v2.2.0.tmp
4700	Nexus v2.2.0.tmp
4700	Nexus v2.2.0.tmp
4700	Nexus v2.2.0.tmp
4700	Nexus v2.2.0.tmp
4700	Nexus v2.2.0.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is-BCD8S.tmp	Nexus v2.2.0.tmp

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Uninstall Nexus\unins000.dat	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\Uninstall Nexus\is-EV4D4.tmp	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\is-F12OS.tmp	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\Common Files\Digidesign\DAE\Plug-Ins\is-FH432.tmp	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\Common Files\Digidesign\DAE\Plug-Ins\is-DEVP7.tmp	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\Manual\is-OJRO9.tmp	Nexus v2.2.0.tmp
File created	C:\Program Files (x86)\Manual\is-1I74T.tmp	Nexus v2.2.0.tmp
File opened for modification	C:\Program Files (x86)\Uninstall Nexus\unins000.dat	Nexus v2.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4700	Nexus v2.2.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 4700	5064	Nexus v2.2.0.exe	83
PID 5064 wrote to memory of 4700	5064	Nexus v2.2.0.exe	83
PID 5064 wrote to memory of 4700	5064	Nexus v2.2.0.exe	83

C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Users\Admin\AppData\Local\Temp\is-NUGDE.tmp\Nexus v2.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NUGDE.tmp\Nexus v2.2.0.tmp" /SL5="$7016E,15020542,53248,C:\Users\Admin\AppData\Local\Temp\Nexus v2.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3PGOE.tmp\BASS.dll

Filesize
96KB

MD5
286d9b79aae13b0b8eec19eff6e112c5

SHA1
72dabedbf90ea9cb7cdad6bfcf4bb34f0dcce41e

SHA256
61813f57a29d7f29467f1dd1c96eebea84e5f51b0b0e74e5f6f905edd6c48aed

SHA512
7d223805d9624a4120d141cec112c0b93909b880521e27a9f8a4a351d9866d6b2e655067fb163be1ca3e7d60b29582cd7879b8ad85eb0f6221bccf60da3fb735

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3PGOE.tmp\WaterLib.dll

Filesize
120KB

MD5
7aaf9f850b21512678623a9206f572a3

SHA1
1b13e31efa4b32e368010e6a4d02436373220279

SHA256
ad46a43f535d647ab6ed9a8badcee1eff3497e45348844be327f505905b66e2b

SHA512
af2e2fe324928da0c9d59fa9f20bc5614ffe414b5d460296c81452acd0952ee523b75e6a7163c35a52b5b7e134739736331297da6e466d64edf3785222f7ab9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3PGOE.tmp\isskin.dll

Filesize
363KB

MD5
b31ad1bacfd7c51f35e052b8c7047d44

SHA1
ba58ae4a4a28cd2a4c2a7b85d260e105fa6e79de

SHA256
117ae53cf3e8bc95e6297a15d8365efd792da04df90744d4e244bbf72075ccc3

SHA512
2a4c0d3f7065a9272bd70e8fd121e80d9c4e3d9089285841b245790f4789704c27cb88333ddbf3bbecbc26af926b7ffd7a722352c7f418c84a9087cb1a748368

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3PGOE.tmp\skin.cjstyles

Filesize
2.0MB

MD5
31e3fe928c4524cbc648205296e600e9

SHA1
593e056da172480921dff41adfd08bd224b2baec

SHA256
268b637662ddf5ea58ae7a531a075dc71076f1093b6f9e68a0c1db8f79ca4349

SHA512
10569aade996407d3b749eb35bc961f827a5c90c158bceea89f4344c6d57aaf33c9831b52e71ba32171c725928b636cfc5a5e86b839185efe7ec97cfa0597b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NUGDE.tmp\Nexus v2.2.0.tmp

Filesize
669KB

MD5
df378ec3751fa0b4815a15b0a7bf365b

SHA1
37bc361f0ed1c94033a49cb8c4a3880c72b3d74e

SHA256
c9015443a8680296828834326dcdc982c8ed8f6ec6c69f219cac39c3e94b8798

SHA512
515c372ae640d797d66553cd6930ead79466a9176ec338fe7e6f5383d77b92c378ba83092828b81c62885a3895dbc084e1cfb0b1cf949eeacf36a35aa91b3925

Download Submit
memory/4700-63-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-67-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-32-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-33-0x0000000075440000-0x00000000754BA000-memory.dmp

Filesize
488KB

Download
memory/4700-34-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-35-0x0000000075440000-0x00000000754BA000-memory.dmp

Filesize
488KB

Download
memory/4700-36-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-37-0x0000000075440000-0x00000000754BA000-memory.dmp

Filesize
488KB

Download
memory/4700-65-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-39-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-40-0x0000000075440000-0x00000000754BA000-memory.dmp

Filesize
488KB

Download
memory/4700-41-0x0000000075B60000-0x0000000075B85000-memory.dmp

Filesize
148KB

Download
memory/4700-42-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-43-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-44-0x0000000075B60000-0x0000000075B85000-memory.dmp

Filesize
148KB

Download
memory/4700-45-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-46-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-47-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-49-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-48-0x0000000077010000-0x00000000770F3000-memory.dmp

Filesize
908KB

Download
memory/4700-50-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-51-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-52-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-53-0x0000000075580000-0x000000007565C000-memory.dmp

Filesize
880KB

Download
memory/4700-54-0x0000000077010000-0x00000000770F3000-memory.dmp

Filesize
908KB

Download
memory/4700-66-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-56-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-57-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-60-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-61-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-59-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-62-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-58-0x0000000075030000-0x00000000750A4000-memory.dmp

Filesize
464KB

Download
memory/4700-24-0x0000000005280000-0x00000000052D5000-memory.dmp

Filesize
340KB

Download
memory/4700-38-0x0000000075B60000-0x0000000075B85000-memory.dmp

Filesize
148KB

Download
memory/4700-31-0x0000000075440000-0x00000000754BA000-memory.dmp

Filesize
488KB

Download
memory/4700-55-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-64-0x0000000075030000-0x00000000750A4000-memory.dmp

Filesize
464KB

Download
memory/4700-68-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-70-0x0000000075B60000-0x0000000075B85000-memory.dmp

Filesize
148KB

Download
memory/4700-69-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-71-0x0000000075030000-0x00000000750A4000-memory.dmp

Filesize
464KB

Download
memory/4700-72-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-73-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-74-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-75-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-77-0x0000000075030000-0x00000000750A4000-memory.dmp

Filesize
464KB

Download
memory/4700-76-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-78-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-79-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-80-0x0000000075580000-0x000000007565C000-memory.dmp

Filesize
880KB

Download
memory/4700-81-0x0000000077010000-0x00000000770F3000-memory.dmp

Filesize
908KB

Download
memory/4700-82-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-83-0x0000000075CA0000-0x0000000075D4F000-memory.dmp

Filesize
700KB

Download
memory/4700-85-0x0000000075030000-0x00000000750A4000-memory.dmp

Filesize
464KB

Download
memory/4700-86-0x0000000074990000-0x0000000074AB4000-memory.dmp

Filesize
1.1MB

Download
memory/4700-84-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-87-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-88-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-89-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-91-0x00000000765F0000-0x0000000076BA3000-memory.dmp

Filesize
5.7MB

Download
memory/4700-90-0x0000000010000000-0x000000001005B000-memory.dmp

Filesize
364KB

Download
memory/4700-92-0x00000000750B0000-0x00000000752C0000-memory.dmp

Filesize
2.1MB

Download
memory/4700-7-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4700-152-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/4700-154-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/4700-158-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download
memory/4700-309-0x0000000011000000-0x0000000011062000-memory.dmp

Filesize
392KB

Download
memory/5064-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5064-308-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5064-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5064-312-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download