ec57db3a01842d649a50f90eff632dd05edde36d0fe72b2d4177e1e67ca3b479

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 17:36

Target

UntitledNuker-master/UntitledNuker.exe
Size

10.1MB
MD5

84d6d7beaac298809d90f86cf799a65d
SHA1

6f29241c1084a67ce86a4458fad5dace7c9692f5
SHA256

4c66b5e30ee9328391e1354457d68d922f04570409a7c5571e9be3b5c3aa86e5
SHA512

8cabfe053c858ab6600296deaae21d0e2f9815c60e26a40390736bea438dfb84f4748b43375aba9abc4b6cd227bb3f43aca116da012647ddf5b57174b12ceb8a
SSDEEP

196608:hhnoR+dQmR5dA6lDuErSEEJwdF4OVUqk/IpjDFc2YXFNksYv+C:PnO+dQ2lD+9JOq/OD226Ox

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

UntitledNuker.exe

pid process

2600 UntitledNuker.exe

pid	process
2600	UntitledNuker.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

UntitledNuker.exe

description	pid	process	target process
PID 1932 wrote to memory of 2600	1932	UntitledNuker.exe	UntitledNuker.exe
PID 1932 wrote to memory of 2600	1932	UntitledNuker.exe	UntitledNuker.exe
PID 1932 wrote to memory of 2600	1932	UntitledNuker.exe	UntitledNuker.exe

C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe
"C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe
"C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe"
2⤵
- Loads dropped DLL
PID:2600

C:\Users\Admin\AppData\Local\Temp\_MEI19322\python311.dll
Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit