Analysis
max time kernel: 22s
max time network: 17s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 07:51
Behavioral tasks (task: sample on resource)
behavioral1: NLChecker.exe on win7-20240221-en
behavioral2: NLChecker.exe on win10-20240404-en
behavioral3: NLChecker.exe on win10v2004-20240508-en
behavioral4: NLChecker.exe on win11-20240508-en
behavioral5: NLChecker.pyc on win7-20240221-en
behavioral6: NLChecker.pyc on win10-20240404-en
behavioral7: NLChecker.pyc on win10v2004-20240508-en
behavioral8: NLChecker.pyc on win11-20240508-en
General
Target: NLChecker.exe
Size: 6.6MB
MD5: f794d41bd5843006837d87610667110d
SHA1: b9ed0177c1e0a43ae06db39bcfc286e41d4e5668
SHA256: bb0051be3e9db6d8299477ed7ff9d1d178d98513ab6d6d4f06b860bfe8cc229b
SHA512: 815a1459a457ec2346ee004c61f54d37c43f1c569d378b0258817d615f3c06aff549267a695958342306b248e655a1d2243280438c0fd3dce761dde84539e540
SSDEEP: 98304:Hlr1P9bFLyi1e+MsSQbbIRnRMoaUMnGt0QkTt2eaaqsszacnZrmtgtXRJK:HlRP3yi1nTcReoaU89vRlsDZrmtoRk
Malware Config
Signatures
Loads dropped DLL (45 IoCs)
Processes (pid, process): 2000 NLChecker.exe, the same entry repeated for all 45 IoCs
yara_rule upx matches (resource):
\Users\Admin\AppData\Local\Temp\_MEI19042\msvcr90.dll
\Users\Admin\AppData\Local\Temp\_MEI19042\python27.dll
\Users\Admin\AppData\Local\Temp\_MEI19~1\_ctypes.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\_hashlib.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\_ssl.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\_socket.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\_cffi_backend.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\_multiprocessing.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\bz2.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Hash\_BLAKE2s.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Hash\_MD5.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Hash\_SHA1.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Hash\_SHA256.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Hash\_ghash_portable.pyd
\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto\Cipher\_raw_ocb.pyd
plus 32 memory regions of pid 2000 (behavioral1/memory/2000-*-memory.dmp)
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description; pid, process; target process):
PID 1904 wrote to memory of 2000; 1904 NLChecker.exe; NLChecker.exe (the same entry repeated for all 3 IoCs)
Downloads