2a64c064af3b4570c916c320e34f2198c82b3278aa31e8a1add59501d97baf9e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 15:03

Target

Nexus Checker/Nexus Checker.exe
Size

9.4MB
MD5

01707a64b226dbfc5c31cf2424946d57
SHA1

e13e8ca8f4441eb8d46bdc76bfa8dc349cab35a5
SHA256

135cf2b8b7baf409bace9d55e5cfc71cd5973f465bd8c0a7c60e7bea640e1741
SHA512

1aa0d93d8e3ee17216bb464b1670681d25b91caac81d71cd78140ab81081bda7d1cd6b6780f5fc7c52ba0a84c2ce412599874b803aaa010d6f66284fb95fc945
SSDEEP

196608:8qnxzKH/m4SwLRXgWPmpzdhqiYB6yD+KdWryUQI1:tnxze5L1V8d8BR5a

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2784	Nexus Checker.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral7/files/0x000500000001a4e6-46.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2784	2280	Nexus Checker.exe	30
PID 2280 wrote to memory of 2784	2280	Nexus Checker.exe	30
PID 2280 wrote to memory of 2784	2280	Nexus Checker.exe	30

C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Checker.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Checker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Checker.exe
  "C:\Users\Admin\AppData\Local\Temp\Nexus Checker\Nexus Checker.exe"
  2⤵
  - Loads dropped DLL
  PID:2784

C:\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll

Filesize
1.4MB

MD5
259f0b7b6eed52d7766fa294ee0db193

SHA1
f158995508e460c47748666219a54ee575973397

SHA256
9b88ca9240770931a2041e6d05ad4508b391859f8ed3603303935dcc1e55c406

SHA512
7efd3402d4cbd1146444fdab5eeb4a8aab6fec04b718761da3e0fd417d67e9576fc354737b3453f9e9c12210f1930e6eadd7c0570242b0c8a548fdb92051360c

Download Submit
memory/2784-48-0x000007FEF61F0000-0x000007FEF6656000-memory.dmp

Filesize
4.4MB

Download