Overview

overview

10

Static

static

10

Nexus.exe

windows7-x64

7

Nexus.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08-06-2024 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nexus.exe

  • Size

    6.9MB

  • MD5

    4c387084af4f8ca5e788a9ce34ce60f0

  • SHA1

    8eba53e02266b4f8758f0452b2aaac1e694fb231

  • SHA256

    905baec4d70f9e1b1f8f0a6377de9d50b54e34489888de800e03c8de2a9fb97a

  • SHA512

    07530826cf9eb8affb3684029f2ae042f6a6b4faecf78520594cb4138b47d231fe334a9baa4d903998265b0bad67bbaf891bb5ed59e1ce27d566c75ae6b59227

  • SSDEEP

    98304:wrrBYzdbM+Q2y+aq0FrjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbQEJ1nL2hBnm:wrrIf0FfOjmFQR4MVGFtwLPCnL2hVcR

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nexus.exe
    "C:\Users\Admin\AppData\Local\Temp\Nexus.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Users\Admin\AppData\Local\Temp\Nexus.exe
      "C:\Users\Admin\AppData\Local\Temp\Nexus.exe"
      2⤵
      • Loads dropped DLL
      PID:2616
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2460
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x194
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2564

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI22482\python311.dll
      Filesize

      1.6MB

      MD5

      9e985651962ccbccdf5220f6617b444f

      SHA1

      9238853fe1cff8a49c2c801644d6aa57ed1fe4d2

      SHA256

      3373ee171db8898c83711ec5067895426421c44f1be29af96efe00c48555472e

      SHA512

      8b8e68bbe71dcd928dbe380fe1a839538e7b8747733ba2fd3d421ba8d280a11ba111b7e8322c14214d5986af9c52ab0c75288bbb2a8b55612fb45836c56ddc36

      Download Submit

    • memory/2616-23-0x000007FEF59F0000-0x000007FEF5FD9000-memory.dmp

      Filesize

      5.9MB

      Download