2a64c064af3b4570c916c320e34f2198c82b3278aa31e8a1add59501d97baf9e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 15:03

Target

Nexus Checker/Nexus Acc Verifyer.exe
Size

6.9MB
MD5

b67e6e2c2fb01f4d40d5812652d41ec3
SHA1

b562852aee42c86ce3219a953b7a5c7619698696
SHA256

8e518cdb6657cc1e277c9473866eda5bcaeaeab328b8bf5368ab658be32791de
SHA512

9a5137a84de557c6fff7ac211190ccac98a92a480f3f5ccc4c15ccc367f202fbae1c1860826d63969009b4832311c5a42fb71117ef3263bf16b8673e3bb0152f
SSDEEP

98304:FRkwN+MdA5wqM5AKL8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBn7:FRV15IB6ylnlPzf+JiJCsmFMvcn6hVvj

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2732	Nexus Acc Verifyer.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/files/0x0005000000019c0b-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2732	1956	Nexus Acc Verifyer.exe	30
PID 1956 wrote to memory of 2732	1956	Nexus Acc Verifyer.exe	30
PID 1956 wrote to memory of 2732	1956	Nexus Acc Verifyer.exe	30

C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Acc Verifyer.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Acc Verifyer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Acc Verifyer.exe
  "C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Acc Verifyer.exe"
  2⤵
  - Loads dropped DLL
  PID:2732

C:\Users\Admin\AppData\Local\Temp\_MEI19562\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2732-23-0x000007FEF6270000-0x000007FEF685A000-memory.dmp

Filesize
5.9MB

Download