13b25a24c867ed3f1b7afef7a1339054a0be32cd27faaf084113348ce8928dbf

Analysis

max time kernel
58s
max time network
57s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2024, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nyx.exe
Size

554KB
MD5

eeb5aa12a0f4697be8ed552dc9660e56
SHA1

500adf7c194dfa926be4ba1b165e15ddbf76e4ac
SHA256

cc9ce6eb5435434e44858b3e8eff514fbc6cf7737be9a8e03f39cdb01f66241e
SHA512

3f9007697241f2c13624e2ea09857a0d82e44cbff916ec5e30e7b2c3e38d61cc457a7be89d75b2bc35a8c1b7b9ca41ce4623bcb707218c804ca9356caa2ef925
SSDEEP

12288:Oh1Lk70TnvjcJF2X1aegex9mmdR/3+/oZWpxyifGbetDt9zkWX8OwGS:Ck70TrcPC1apex9mmdROwfretD0NzGS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1734202354-1504186683-2192872036-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\DefaultDomain = "11001"	Nyx.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	Nyx.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2208	Nyx.exe
2208	Nyx.exe

C:\Users\Admin\AppData\Local\Temp\Nyx.exe
"C:\Users\Admin\AppData\Local\Temp\Nyx.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3db62353f031424692e92ddbdbd082c1 /t 2172 /p 2208
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000004D50000-0x0000000004DEC000-memory.dmp

Filesize
624KB

Download
memory/2208-1-0x0000000074460000-0x0000000074C11000-memory.dmp

Filesize
7.7MB

Download
memory/2208-2-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-3-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-4-0x0000000004DF0000-0x0000000005396000-memory.dmp

Filesize
5.6MB

Download
memory/2208-5-0x0000000004CA0000-0x0000000004D3A000-memory.dmp

Filesize
616KB

Download
memory/2208-6-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-7-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-9-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-11-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-13-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-15-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-17-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-19-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-21-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-23-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-25-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-27-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-29-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-31-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-33-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-35-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-37-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-39-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-41-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-43-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-45-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-47-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-49-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-51-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-53-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-55-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-57-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-59-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-61-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-63-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-65-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-67-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-69-0x0000000004CA0000-0x0000000004D34000-memory.dmp

Filesize
592KB

Download
memory/2208-2118-0x00000000053A0000-0x0000000005432000-memory.dmp

Filesize
584KB

Download
memory/2208-2119-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2120-0x0000000005500000-0x000000000550A000-memory.dmp

Filesize
40KB

Download
memory/2208-2121-0x0000000006350000-0x000000000637C000-memory.dmp

Filesize
176KB

Download
memory/2208-2122-0x00000000096D0000-0x0000000009730000-memory.dmp

Filesize
384KB

Download
memory/2208-2123-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2127-0x0000000074460000-0x0000000074C11000-memory.dmp

Filesize
7.7MB

Download
memory/2208-2128-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2129-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2130-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2131-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2132-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2208-2133-0x0000000074460000-0x0000000074C11000-memory.dmp

Filesize
7.7MB

Download