Analysis
- max time kernel: 142s
- max time network: 104s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/05/2024, 16:58
Behavioral task behavioral1
- Sample: nigger.exe
- Resource: win10v2004-20240508-en
Behavioral task behavioral2
- Sample: nigger.pyc
- Resource: win10v2004-20240426-en
General
- Target: nigger.exe
- Size: 7.7MB
- MD5: 1cdea33a488efce5b7a2e887ee434d87
- SHA1: 361026109bcf452bab11c596eb3c5b5bd21f2857
- SHA256: dada2e816fe928b713be0ed163032c0049acc2a9a6d39253aeffe930572079d7
- SHA512: 4d7197dd8a3994cc5eeaa34a51666b7ec2f8d55b1519b73ab64bcb97df287855f12b52cfbe0c6ee4584958691c96d84c4b1f314a636368dd34bfebc42fbab717
- SSDEEP: 196608:IhwMCu83tlKXIXWnAcSEpIzyH0tIfXv0EL:ZMCu6lK1AtQIWH2v
Malware Config
Signatures
- Loads dropped DLL (25 IoCs)
  pid 3444, Process nigger.exe (25 DLL loads recorded for this one process)
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 6 IoCs)
  flows 36, 37, 38, 39, 40, 41: ioc discord.com
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description Token: 35, pid 3444, Process nigger.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  description "PID 4984 wrote to memory of 3444", pid 4984, Process nigger.exe, procid_target 84
  description "PID 4984 wrote to memory of 3444", pid 4984, Process nigger.exe, procid_target 84
Processes
1. C:\Users\Admin\AppData\Local\Temp\nigger.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\nigger.exe"
   PID: 4984
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\nigger.exe (child of PID 4984)
      Command line: "C:\Users\Admin\AppData\Local\Temp\nigger.exe"
      PID: 3444
      - Loads dropped DLL
      - Suspicious use of AdjustPrivilegeToken
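The tree above shows a binary in %TEMP% re-executing itself, the parent writing into the child it just created, and the child then loading 25 dropped DLLs. That shape is consistent with a PyInstaller onefile bundle unpacking itself (the second behavioral task being a .pyc points the same way), but note that a parent writing into a freshly created child is also what ordinary CreateProcess does, so the WriteProcessMemory signature is weak on its own. The following is an added example, not part of this report or of the sandbox's own code, of detection logic that keys on the combination instead: an image under a user-writable directory, a child with the identical image path, and a run of DLL loads from that same directory tree. The event records are constructed to mirror the PIDs and path in the report; the _MEI directory name, the DLL names, the benign browser control and the threshold of 5 are assumptions, since the report counts 25 loads but does not list them.

```python
import re
from collections import defaultdict

# Constructed events modelled on the report's tree (PID 4984 -> 3444, same image
# under %TEMP%). DLL paths, the _MEI directory and the browser control are
# assumptions: the report records 25 dropped-DLL loads but does not name them.
TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_IMAGE = TEMP_DIR + r"\nigger.exe"
BROWSER_IMAGE = r"C:\Program Files\Browser\browser.exe"
EVENTS = [
    {"type": "process_create", "pid": 4984, "ppid": 1234, "image": SAMPLE_IMAGE},
    {"type": "process_create", "pid": 3444, "ppid": 4984, "image": SAMPLE_IMAGE},
    # Benign control: browsers also spawn children with their own image path,
    # but from Program Files and without loading DLLs dropped into %TEMP%.
    {"type": "process_create", "pid": 5000, "ppid": 1234, "image": BROWSER_IMAGE},
    {"type": "process_create", "pid": 5001, "ppid": 5000, "image": BROWSER_IMAGE},
]
EVENTS += [
    {"type": "image_load", "pid": 3444, "path": f"{TEMP_DIR}\\_MEI49842\\lib{i}.dll"}
    for i in range(25)
]

# Directories a standard user can write to; executing from them is the first
# weak signal, and DLLs loaded from them are "dropped" by definition.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\local\\temp|windows\\temp|users\\public|programdata)\\",
    re.IGNORECASE,
)
MIN_DROPPED_DLLS = 5  # assumed threshold; the report observed 25


def user_writable(path):
    """True when the path sits under a user-writable staging directory."""
    return bool(USER_WRITABLE.match(path))


def find_self_spawn_from_temp(events, min_dlls=MIN_DROPPED_DLLS):
    """Flag parent/child pairs with an identical image in a user-writable
    directory where the child then loads at least min_dlls DLLs from such a
    directory. Self-spawn alone (browsers, installers) is not reported."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    loads = defaultdict(list)
    for e in events:
        if e["type"] == "image_load":
            loads[e["pid"]].append(e["path"])

    findings = []
    for child in procs.values():
        parent = procs.get(child["ppid"])
        if parent is None or child["image"].lower() != parent["image"].lower():
            continue
        if not user_writable(child["image"]):
            continue
        dropped = [p for p in loads[child["pid"]]
                   if user_writable(p) and p.lower().endswith(".dll")]
        if len(dropped) < min_dlls:
            continue
        findings.append({
            "parent_pid": parent["pid"],
            "child_pid": child["pid"],
            "image": child["image"],
            "dropped_dll_loads": len(dropped),
        })
    return findings


if __name__ == "__main__":
    for f in find_self_spawn_from_temp(EVENTS):
        print(f)
```

The same logic ports directly to an EDR query language: join process-creation events on parent image equals child image, filter the image path against the writable-directory list, then count image-load events per child PID in the same path tree. Raising the DLL threshold trades a few legitimate self-extracting installers for fewer false positives; the self-spawn-from-temp condition alone is noisy.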
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 87KB
  MD5: 0e675d4a7a5b7ccd69013386793f68eb
  SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
  SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
  SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
- Filesize: 71KB
  MD5: 5a1e2e1e7528c9622b8c1eafb80a71e1
  SHA1: 4fd36047b09532261db3cd8a344d01a9a22f58c3
  SHA256: 24a0be8d4c4c6260720f89e0a99840305f182d06220306c70785a1bfc8903bb4
  SHA512: 3d1401c5ccc0baea580d73c12d49bd751d344de837cf937b3482ffdb5070d8481b80070f9d74e6c2c237101b8401e56ae6a34674d954316adea8aa562022e31b
- Filesize: 87KB
  MD5: 4079b0e80ef0f97ce35f272410bd29fe
  SHA1: 19ef1b81a1a0b3286bac74b6af9a18ed381bf92c
  SHA256: 466d21407f5b589b20c464c51bfe2be420e5a586a7f394908448545f16b08b33
  SHA512: 21cd5a848f69b0d1715e62dca89d1501f7f09edfe0fa2947cfc473ca72ed3355bfccd32c3a0cdd5f65311e621c89ddb67845945142a4b1bdc5c70e7f7b99ed67
- Filesize: 22KB
  MD5: 8f0fc15b89105f42bfa8ddd21342f046
  SHA1: 3f529ac0ff13ae117c4285218526e61ab6225c94
  SHA256: 94b38784f2349f803cb62abb8b8fd9f2352c9dc891acf8b3d2f1b8b745b7d79b
  SHA512: 17259c44804e7ba3ce2b5448ca92984e00fa9a3877edd060496f29bfbb0ade28efe122274cb79c846ab10b558eb2be0ef2012ce3bfe6137aed44f8267bff1eb6
- Filesize: 129KB
  MD5: 2f21f50d2252e3083555a724ca57b71e
  SHA1: 49ec351d569a466284b8cc55ee9aeaf3fbf20099
  SHA256: 09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce
  SHA512: e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb
- Filesize: 38KB
  MD5: c3b19ad5381b9832e313a448de7c5210
  SHA1: 51777d53e1ea5592efede1ed349418345b55f367
  SHA256: bdf4a536f783958357d2e0055debdc3cf7790ee28beb286452eec0354a346bdc
  SHA512: 7f8d3b79a58612e850d18e8952d14793e974483c688b5daee217baaa83120fd50d1e036ca4a1b59d748b22951744377257d2a8f094a4b4de1f79fecd4bf06afb
- Filesize: 251KB
  MD5: a567a2ecb4737e5b70500eac25f23049
  SHA1: 951673dd1a8b5a7f774d34f61b765da2b4026cab
  SHA256: a4cba6d82369c57cb38a32d4dacb99225f58206d2dd9883f6fc0355d6ddaec3d
  SHA512: 97f3b1c20c9a7ed52d9781d1e47f4606579faeae4d98ba09963b99cd2f13426dc0fc2aeb4bb3af18ed584c8ba9d5b6358d8e34687a1d5f74a3954b3f84d12349
- Filesize: 43KB
  MD5: cac4ea23441ac5658dda2e0a48013826
  SHA1: 53a46f8ed71501acde7d4f09aef57e32e5ceeb9c
  SHA256: 2d30cd0be4a129a88fba368c0b14957905b3112869c8133b8f7e78dcf7edf1e9
  SHA512: aed87e075607bc83b12a7d2f614325566ec8438bfef4194141312aaf649521e26b3e609b565c84ddb9847c2bd632f569ffba1cbb91c973b4696162bafef22d11
- Filesize: 27KB
  MD5: 2325dab36242fc732c85914ab7ce25af
  SHA1: b4a81b312b6e037a0aa4a2e2de5e331cb2803648
  SHA256: 2ffa512a2a369ccd3713419c6d4e36c2bd5d1967e046663d721d7e7ac9e4ab59
  SHA512: 13f92c90a81f5dfbc15cadfd31dbc30b5c72c93dc7ad057f4b211388c3a57ab070bd25c0f1212173a0772972b2d3aa2caedbfb7e3513ffc0d83a15dbc9198b87
- Filesize: 74KB
  MD5: d7e7a7592338ce88e131f858a84deec6
  SHA1: 3add8cd9fbbf7f5fa40d8a972d9ac18282dcf357
  SHA256: 4ba5d0e236711bdcb29ce9c3138406f7321bd00587b6b362b4ace94379cf52d5
  SHA512: 96649296e8ccdc06d6787902185e21020a700436fc7007b2aa6464d0af7f9eb66a4485b3d46461106ac5f1d35403183daa1925e842e7df6f2db9e3e833b18fb4
- Filesize: 120KB
  MD5: d429ff3fd91943ad8539c076c2a0c75f
  SHA1: bb6611ddca8ebe9e4790f20366b89253a27aed02
  SHA256: 45c8b99ba9e832cab85e9d45b5601b7a1d744652e7f756ec6a6091e1d8398dd4
  SHA512: 019178eecb9fb3d531e39854685a53fa3df5a84b1424e4a195f0a51ca0587d1524fd8fbd6d4360188ea9c2f54d7019c7d335ec6dc5471128159153c2287b0e18
- Filesize: 63KB
  MD5: 3a044a2e7e7482bd4c4119d15eb807b7
  SHA1: 3a329ad1ef246a5c47920ebd9a9b6b72d6ce95ed
  SHA256: bac33e0f292483046c9aa01c5a4d86f68f2c3ab4240845c65756158ce393390b
  SHA512: 2df1400d1f22e3b0a236eba056ad88b272a547b9813ef71298434a6a4992f5e5d568bdf35b2e16af453cf05cfbb8024b60eee3171f6eaa32f2ca3d6b661a55e8
- Filesize: 47KB
  MD5: 9d99f86fe345bb9941d19a2c551cd88f
  SHA1: 3f78ad04c8b160291ee0a35691609400ee83be9d
  SHA256: 0575c621abb17eaaf6914dc5e1415da453d89c5e4ce0ee45c14832bc425e8b3b
  SHA512: 2ef0486671d62d37cf58f619b1cffa79de3d9bb07c4e71433b008d74fd8d0354e5a3971443b49c9c45c99150084dabbe50448835b61db681f789d617a8b83106
- Filesize: 232KB
  MD5: 71b5fe49956eb00e5c5276859bb0f47e
  SHA1: ad3db646b9c1ca0522e3e33d413ff35dc293cce5
  SHA256: 296a86f86018c9c868b7bb39ac1e29852cceba1623295994d8fc515335cf0545
  SHA512: fded64ff6ead27af41a61ca4ac77bb38368561f4bfdcd643bd36a4f7ab6daad0dcd5f0afdefa3a191cc901f8fd7ad641e7bbc9d26f30d3ffa22c9bea4f3071f2
- Filesize: 41KB
  MD5: 7c8fd7f58b435e40a86eabf68949f512
  SHA1: c559c7395e429d5039ca915070400c5acd358e6a
  SHA256: debb0e712b1b6fb98ce65094ab564309b962271c6b6a13da24a0bfd5d3a32b1e
  SHA512: f57b37c272b0ea6a3a1a6bcf1b52ced9574cddf5422b05c387e75d256b39c29805399ed63ec633c047f085192d6284a4818a58fe5c6fe716d71e535919060d09
- Filesize: 27KB
  MD5: 1f0b4e75ed11d6a355f9873e8b8f420b
  SHA1: 9aa2f378f278fa0d72788463d902c30ec57192c5
  SHA256: b44aa794b88eecc2699383dad0319dafbd031e0ee2edef15965134808443ea5a
  SHA512: a5a824001a106fcbaa56eab92364f61817323e8ca78715b45622103955c1a17ae32068fcdd06a29a1c1da74e99bb780700fe03e80e9fef70225e03080d764908
- Filesize: 994KB
  MD5: 46be82a377d053f56444fa141682c256
  SHA1: d2ce0acd78d0c69c056890fb15a8ab72ca4a2786
  SHA256: 1bc7d01f5b20392225c0d47e4aece58d3032440609d6a89c5612abaad0900d6c
  SHA512: 21653a8940a6895ac0e484b75e57b96e0872d4038812e1dde36204195304bbda13254e08cf6d7fef83cb1c7ed39c911ed80b2ba011512bd90a2c52935ce07602
- Filesize: 2.4MB
  MD5: 022a61849adab67e3a59bcf4d0f1c40b
  SHA1: fca2e1e8c30767c88f7ab5b42fe2bd9abb644672
  SHA256: 2a57183839c3e9cc4618fb1994c40e47672a8b6daffaa76c5f89cf2542b02c2f
  SHA512: 94ac596181f0887af7bf02a7ce31327ad443bb7fe2d668217953e0f0c782d19296a80de965008118708afd9bda14fd8c78f49785ebf7abcc37d166b692e88246
- Filesize: 517KB
  MD5: 4ec3c7fe06b18086f83a18ffbb3b9b55
  SHA1: 31d66ffab754fe002914bff2cf58c7381f8588d9
  SHA256: 9d35d8dd9854a4d4205ae4eafe28c92f8d0e3ac7c494ac4a6a117f6e4b45170c
  SHA512: d53ee1f7c082a27ace38bf414529d25223c46bfae1be0a1fbe0c5eab10a7b10d23571fd9812c3be591c34059a4c0028699b4bf50736582b06a17ae1ef1b5341e
- Filesize: 45KB
  MD5: 9f6d47335dbda0939aedc3488de73c4a
  SHA1: 072b778c78bd81445a138b996713fed909c21b4e
  SHA256: a874aa34a46df245bfc6c5ef5b213deca84e8e051c4f022b2f0463f12b6da56f
  SHA512: eb3d383d84e84edde4d9f8eb783e66053c00832912402c6e7b07b22795e7efc6755c583484be1112eb42a1bb99efb1b31785e3a17c2efbe9bdce46eec7dd62ad
- Filesize: 3.7MB
  MD5: 62125a78b9be5ac58c3b55413f085028
  SHA1: 46c643f70dd3b3e82ab4a5d1bc979946039e35b2
  SHA256: 17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f
  SHA512: e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4
- Filesize: 26KB
  MD5: c30e5eccf9c62b0b0bc57ed591e16cc0
  SHA1: 24aece32d4f215516ee092ab72471d1e15c3ba24
  SHA256: 56d1a971762a1a56a73bdf64727e416ffa9395b8af4efcd218f5203d744e1268
  SHA512: 3e5c58428d4c166a3d6d3e153b46c4a57cca2e402001932ec90052c4689b7f5ba4c5f122d1a66d282b2a0a0c9916dc5a5b5e5f6dfc952cdb62332ac29cb7b36a
- Filesize: 992KB
  MD5: 0e0bac3d1dcc1833eae4e3e4cf83c4ef
  SHA1: 4189f4459c54e69c6d3155a82524bda7549a75a6
  SHA256: 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
  SHA512: a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd
- Filesize: 1.0MB
  MD5: 7d1f105cf81820bb6d0962b669897dde
  SHA1: 6c4897147c05c6d6da98dd969bf84e12cc5682be
  SHA256: 71b13fd922190081d3aeec8628bd72858cc69ee553e16bf3da412f535108d0e4
  SHA512: 7546c3afb0440dc0e4c0f24d7b145a4f162cda72068cc51f7dc1a644454b645c0b3c954920c489b0748ba4c1ea2c34e86ba2565770e08077c2fdd02fd237f9d3
- Filesize: 95KB
  MD5: 027ad0c0dc4689bcf18c1ec6fd9a66f5
  SHA1: 7d07692445559f3164c4df2dd22dba3196404f7e
  SHA256: 5264fcff96ca9558663e9cbe649a11d9261859f7d9056775694a0452c6c11845
  SHA512: d4d66d00303d457a72b306711b83d8d5c18be9ea99b02bc1250246052a001e02273937d6fcd2408a563defb8119922477aad718186b903b15cc45f57cfec77ed
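The list above is 25 dropped-file hash sets, the same count as the dropped-DLL loads under Signatures. The sandbox exports them one field per line with the algorithm name fused to the digest ("MD5<hex>"), which is awkward to feed into a blocklist by hand. As an added example that is not part of this report or of the sandbox's code, the following parses that export into records, checks that each digest has the right length for its algorithm, builds a deduplicated SHA-256 set, and compares a file in hand against a record with hashlib. The input is a constructed excerpt: two entries copied from the list above plus one deliberately truncated entry that is not from the page, included to exercise the validation path.

```python
import hashlib
import re

# Constructed input: two entries copied from the report's Downloads list in the
# sandbox's flattened export form, plus one truncated entry (not from the page)
# so that validation has something to reject.
REPORT_TEXT = """\
-
Filesize
87KB
MD50e675d4a7a5b7ccd69013386793f68eb
SHA16e5821ddd8fea6681bda4448816f39984a33596b
SHA256bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
-
Filesize
2.4MB
MD5022a61849adab67e3a59bcf4d0f1c40b
SHA1fca2e1e8c30767c88f7ab5b42fe2bd9abb644672
SHA2562a57183839c3e9cc4618fb1994c40e47672a8b6daffaa76c5f89cf2542b02c2f
SHA51294ac596181f0887af7bf02a7ce31327ad443bb7fe2d668217953e0f0c782d19296a80de965008118708afd9bda14fd8c78f49785ebf7abcc37d166b692e88246
-
Filesize
1KB
MD5deadbeef
SHA256abcd
"""

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Longest names first so "SHA512..." is never read as "SHA1" + "512...".
HASH_LINE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)\s*([0-9a-fA-F]*)$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$", re.IGNORECASE)
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def size_to_bytes(text):
    """Turn the report's rounded '87KB' / '2.4MB' into an approximate byte count."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return int(round(float(m.group(1)) * UNIT[m.group(2).upper()]))


def parse_downloads(text):
    """Parse the flattened export: 'Filesize' opens a record, the next line is the
    size, and every following 'ALGO<hex>' line is a digest for that record."""
    records, current, expect_size = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Filesize":
            current = {}
            records.append(current)
            expect_size = True
        elif expect_size:
            current["filesize"] = line
            current["size_bytes"] = size_to_bytes(line)
            expect_size = False
        elif current is not None:
            m = HASH_LINE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2).lower()
    return records


def validate(record):
    """Return a list of problems: missing digests or digests of the wrong length."""
    problems = []
    for algo, length in DIGEST_LEN.items():
        digest = record.get(algo)
        if digest is None:
            problems.append(f"missing {algo}")
        elif len(digest) != length:
            problems.append(f"{algo} has {len(digest)} hex chars, expected {length}")
    return problems


def hashes_of(data):
    """Digest bytes with the same four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_LEN}


def matches_record(data, record):
    """True when every digest the record carries agrees with the bytes in hand."""
    actual = hashes_of(data)
    return all(actual[a] == record[a] for a in DIGEST_LEN if a in record)


def blocklist(records):
    """Deduplicated SHA-256 set for a hash blocklist; invalid records are skipped."""
    return sorted({r["sha256"] for r in records if not validate(r)})


if __name__ == "__main__":
    recs = parse_downloads(REPORT_TEXT)
    for r in recs:
        print(r["filesize"], r.get("sha256"), validate(r) or "ok")
    print(blocklist(recs))
```

Two practical notes: the sizes in the report are rounded, so size_bytes is only good for sanity checks, not for matching; and the SHA-256 set is the one to distribute, since MD5 and SHA-1 collisions are cheap to manufacture while the report's SHA-512 values are rarely supported by blocklist tooling.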