6b8033ec2038275f5480359438e93fb9346d1f1921a1abc38990a8b6b650d83d

Analysis

max time kernel
138s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_checker.cpython-311.pyc
Size

11KB
MD5

74249e21ffb73aee330682e3b992796f
SHA1

5be62639fa94cce294b80cc5f54dc8d45b5f8b20
SHA256

417d63926b6ea3eb070f9e35f7c53f97697c35da6a5c8dd976037d694c953ea5
SHA512

30fef7e67d57087e280f108f4d0e54afa14947c78f726d8f3e93396d8f6080fe4284768cf5f0bfd80468753724db9904912502b898826dba6e5044f8d991a563
SSDEEP

192:pQvC1SA03q0s4T5ugeeWkaAn5AvzoejOQ1PJ:uvC70a0s45g8kqQ1PJ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5012	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Nexus-MultiTool-main\Helper\Funcs\__pycache__\token_checker.cpython-311.pyc
1⤵
- Modifies registry class
PID:3640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads