ec57db3a01842d649a50f90eff632dd05edde36d0fe72b2d4177e1e67ca3b479

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UntitledNuker-master/UntitledNuker.exe
Size

10.1MB
MD5

84d6d7beaac298809d90f86cf799a65d
SHA1

6f29241c1084a67ce86a4458fad5dace7c9692f5
SHA256

4c66b5e30ee9328391e1354457d68d922f04570409a7c5571e9be3b5c3aa86e5
SHA512

8cabfe053c858ab6600296deaae21d0e2f9815c60e26a40390736bea438dfb84f4748b43375aba9abc4b6cd227bb3f43aca116da012647ddf5b57174b12ceb8a
SSDEEP

196608:hhnoR+dQmR5dA6lDuErSEEJwdF4OVUqk/IpjDFc2YXFNksYv+C:PnO+dQ2lD+9JOq/OD226Ox

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 25 IoCs

Processes:

UntitledNuker.exe

pid	process
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe
3520	UntitledNuker.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

3 raw.githubusercontent.com
4 raw.githubusercontent.com

flow	ioc
3	raw.githubusercontent.com
4	raw.githubusercontent.com

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

UntitledNuker.exeUntitledNuker.exe

description	pid	process	target process
PID 2216 wrote to memory of 3520	2216	UntitledNuker.exe	UntitledNuker.exe
PID 2216 wrote to memory of 3520	2216	UntitledNuker.exe	UntitledNuker.exe
PID 3520 wrote to memory of 5072	3520	UntitledNuker.exe	cmd.exe
PID 3520 wrote to memory of 5072	3520	UntitledNuker.exe	cmd.exe
PID 3520 wrote to memory of 4512	3520	UntitledNuker.exe	cmd.exe
PID 3520 wrote to memory of 4512	3520	UntitledNuker.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe
"C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe
"C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\UntitledNuker.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:5072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22162\VCRUNTIME140.dll
Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_asyncio.pyd
Filesize
62KB

MD5
47de17275c73cfcdce18ace16cd4f355

SHA1
5d6b9b1d4534eeae0a3b72bfa359bb4818e4c86e

SHA256
d667822030ba160cd8770569afec2c029b5247ceaa401d9268fe98bbea9e4c11

SHA512
e11637808ddaf14d0abdb88a389e6947b16f272d97642312c99ec38bbcaf43e3594d8f89bc8699d769368704a81bc1f01edffa69ab736665c1c192aeed780c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_bz2.pyd
Filesize
81KB

MD5
10d42efac304861ad19821b4594fa959

SHA1
1a65f60bba991bc7e9322af1e19f193dae76d77a

SHA256
8eecdcc250637652e6babc306ea6b8820e9e835ddd2434816d0e0fd0ca67fd14

SHA512
3f16dba627a133586e9d1c16d383b9461424d31892278ab984f7e6932a1cdc51445e1bec017a665bd66c0f2a9ba417387fecc5fdede36d67f8343b82a2ceb9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_ctypes.pyd
Filesize
120KB

MD5
df6be515e183a0e4dbe9cdda17836664

SHA1
a5e8796189631c1aaca6b1c40bc5a23eb20b85db

SHA256
af598ae52ddc6869f24d36a483b77988385a5bbbf4618b2e2630d89d10a107ee

SHA512
b3f23530de7386cc4dcf6ad39141240e56d36322e3d4041e40d69d80dd529d1f8ef5f65b55cdca9641e378603b5252acfe5d50f39f0c6032fd4c307f73ef9253

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_hashlib.pyd
Filesize
62KB

MD5
f419ac6e11b4138eea1fe8c86689076a

SHA1
886cda33fa3a4c232caa0fa048a08380971e8939

SHA256
441d32922122e59f75a728cc818f8e50613866a6c3dec627098e6cc6c53624e2

SHA512
6b5aa5f5fbc00fb48f49b441801ee3f3214bd07382444569f089efb02a93ce907f6f4e0df281bda81c80f2d6a247b0adc7c2384a2e484bc7ef43b43c84756d2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_lzma.pyd
Filesize
153KB

MD5
3230404a7191c6228a8772d3610e49e5

SHA1
4e8e36c89b4ff440ddff9a5b084b262c9b2394ec

SHA256
33ae42f744d2688bb7d5519f32ff7b7489b96f4eea47f66d2009dba6a0023903

SHA512
6ecce0c8e8b3d42275d486e8ff495e81e36adaaacaaa3db37844e204fcdaa6d89cb3d81c43d9e16d938cd8b6671b8800fe74a1e723a9187b0566a8f3c39d5d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_overlapped.pyd
Filesize
48KB

MD5
f7a6519fd517ad2426b05ef9dccd31f6

SHA1
32b8df120ca2cfeb8349c1675c0907fd2132c76b

SHA256
6f79a76094f43c55899fe804cdd5d44ba6ff920c651436a7effa30e7c01b96ec

SHA512
2de7f8302743f36c21a6e3442960976a63396b93201f63579aa507274571fab801e228edc67a83d7729b6473d4b2899f0a9ae1b0a8b4e278d3b802eb896432dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_queue.pyd
Filesize
30KB

MD5
045ef55136b1e580582199b3399267a2

SHA1
de54519c67a996d0a8b4164417058f4610a57376

SHA256
39bd456267fe228a505ef4e9c8d28f948dd65123cb4d48b77da51910013fa582

SHA512
7b764fdc92bf10eb05bdd4116a549de67f0fa92f807d8b0eca9d718361c546dbec16ea68ef8ddec1c417530c6eb234c657e45f8c522852ab1bd7cb21976dad1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_socket.pyd
Filesize
76KB

MD5
0fc65ec300553d8070e6b44b9b23b8c0

SHA1
f8db6af578cf417cfcddb2ed798c571c1abd878f

SHA256
360744663fce8dec252abbda1168f470244fdb6da5740bb7ab3171e19106e63c

SHA512
cba375a815db973b4e8babda951d1a4ca90a976e9806e9a62520a0729937d25de8e600e79a7a638d77df7f47001d8f884e88ee4497bd1e05c1dae6fa67fb3dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_ssl.pyd
Filesize
155KB

MD5
93905020f4158c5119d16ee6792f8057

SHA1
eb613c31f26ed6d80681815193ffafdf30314a07

SHA256
d9cc4358d9351fed11eec03753a8fa8ed981a6c2246bbd7cb0b0a3472c09fdc4

SHA512
0de43b4fafdd39eaaff6cab613708d56b697c0c17505e4132d652fb3f878c2114f5e682745a41219193c75e783aede524685b77bd31620f8afe9c7b250f92609

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\_uuid.pyd
Filesize
23KB

MD5
13cc10d148b921f68e218dd912cc6ee4

SHA1
930cef88b581fb4d1b88fbdbaf64d34efa582f90

SHA256
d17e20063243a71b4331c7a8902451c6911fd87475ec918633c6388d6155ce52

SHA512
8af81d78a778875e63f99d7434724d772147da7ec07b88fb7094c9dcd02b86d08ce2bb3d3ee94d8c62156d2bf8331562b8c91b5e36a1278b64d0b6fd7eff45e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\aiohttp\_helpers.cp311-win_amd64.pyd
Filesize
37KB

MD5
a285448210af9a1aa6421ca5083d4d34

SHA1
91ada793e3c4c8399e9c9da50484ed6fc35658e6

SHA256
f31fac3880f5d12034dae9b600154b715302a786ed9c0212968167077e743b6e

SHA512
09e73e0b689c6ad670a10c1dfc7ed2536ae853b12b4c51aba0799934cd95496ccf3daf80075155a54a981fe769a1809371dab38c867156723378fc286d57f512

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\aiohttp\_http_parser.cp311-win_amd64.pyd
Filesize
203KB

MD5
d0c814deddf00cc3640bea7e774e9b6f

SHA1
8c12296e0bb4c4d964e3801a2d790d1172c91e98

SHA256
c6ed63e2f3bd9f74997681df65a4c25492275b99abe96738c1b1be65cc101b80

SHA512
a2342213561b6e49f71dfac5f4111962494ad8bfb2c1e46ca06c60eac853b3b37cca9e0cc748ea7001b2a481291558c29dc067ba0c541db5127328bc164a3a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\aiohttp\_http_writer.cp311-win_amd64.pyd
Filesize
34KB

MD5
7a9927e3942e63fca4e6fbd15a2c0f11

SHA1
766cb8832bf9542cf2c89a477e840c25ee1534bf

SHA256
9f1ce9fe00edf8300c7b9aad722987e934b8116d745a4513dd53be50e40edd37

SHA512
587b6969ccf07e0c6608a806ce418abb9d0d1b1f888f03000f9a05934e602dc054de864bde00cca2e3a930e30a97790862fa1d1a0334095f75294d1e2a9ac50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\aiohttp\_websocket.cp311-win_amd64.pyd
Filesize
23KB

MD5
b049bf262e33ffe6ff2b4b2667c4b1cf

SHA1
ca1a0f139b0fdb5ebf747d8c16a3a353ffc9e3e7

SHA256
6914f27197480b601c98cb6f15f3ea3ca02674366d12f0f5735df83afbe624ed

SHA512
e9aafc7307ce500a593e327dc7b306c63a10600dc547ed25f4f6cc9e945a68e16e3d08c508564398db18754e254fe88e1c094e06c47d804b2b246e916c276e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\base_library.zip
Filesize
1.7MB

MD5
c6b150f2eca4eec01765bdae9a78e097

SHA1
1eaf2a18863af05d4f8183978ea6ecadd21ed3de

SHA256
b8e074772e3f8203de0e4313ac274de4d4e5b5e847a3fe3dc4171413ea2a4502

SHA512
697cdcd1f23cf67683836cca593df643f3f2d3f139fdbf86bf990bd7c29a6721d8199fbff491cb234d2fb65bcd4f32f07796b8b522b895a52095d17628beb846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\certifi\cacert.pem
Filesize
268KB

MD5
59a15f9a93dcdaa5bfca246b84fa936a

SHA1
7f295ea74fc7ed0af0e92be08071fb0b76c8509e

SHA256
2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524

SHA512
746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\frozenlist\_frozenlist.cp311-win_amd64.pyd
Filesize
50KB

MD5
34c2dd52c9e920e035444d6cbddeb555

SHA1
3ff99987b968261e88032652917f137d4a6a0493

SHA256
55814d323ee1ec6cd6145ae8f43dbf44d9481e3592aa17b5a17010f7e401ff42

SHA512
8f0be0a3e2588bdeff9f5c4eb728ae43a58a19b91596adca0c931d5425a591178f13dcef68b1b949a2c805e1b9963800397f661688fd3c299d7084efe45adaf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\libcrypto-1_1.dll
Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\libffi-8.dll
Filesize
37KB

MD5
d86a9d75380fab7640bb950aeb05e50e

SHA1
1c61aaf9022cd1f09a959f7b2a65fb1372d187d7

SHA256
68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b

SHA512
18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\libssl-1_1.dll
Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\multidict\_multidict.cp311-win_amd64.pyd
Filesize
45KB

MD5
b92f8efb672c383ab60b971b3c6c87de

SHA1
acb671089a01d7f1db235719c52e6265da0f708f

SHA256
b7376b5d729115a06b1cab60b251df3efc3051ebba31524ea82f0b8db5a49a72

SHA512
680663d6c6cd7b9d63160c282f6d38724bd8b8144d15f430b28b417dda0222bfff7afefcb671e863d1b4002b154804b1c8af2d8a28fff11fa94972b207df081b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\python311.dll
Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\select.pyd
Filesize
28KB

MD5
116335ebc419dd5224dd9a4f2a765467

SHA1
482ef3d79bfd6b6b737f8d546cd9f1812bd1663d

SHA256
813eede996fc08e1c9a6d45aaa4cbae1e82e781d69885680a358b4d818cfc0d4

SHA512
41dc7facab0757ed1e286ae8e41122e09738733ad110c2918f5e2120dfb0dbff0daefcad2bffd1715b15b44c861b1dd7fb0d514983db50ddc758f47c1b9b3bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\unicodedata.pyd
Filesize
1.1MB

MD5
cdb5f373d24adceb4dc4fa1677757f0c

SHA1
af6b381eed65d244c57129346008ec8532ba336b

SHA256
175c4cb528f1ac4e285c575cc3f5e85ec4b3ae88860210b5d795b580c7f0b5d9

SHA512
429a326648c761bf068ca7735094644f532d631cf9355c9f1a5743a5791837a36cd6aa2efe2265c7541feb06310d0c07b634dd04438d8eddbdf1c4147938a868

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22162\yarl\_quoting_c.cp311-win_amd64.pyd
Filesize
65KB

MD5
3b17f066462f21ae637f8be73e1f82b0

SHA1
f11920db843195975d877465f995b81ee3c3903e

SHA256
a9a4b2db416877b7ad9daece9fc9cbd500283bf47c198261343b86d7ed065c18

SHA512
eb15cb56500c6a02d75f6d29c288e1db47ab08d16cd0286491b90c2ec7f0f8776e62e615c8d05a708dbf927de8711459d684b90d13fba9fee2e5703f29e7656f

Download Submit