Overview

overview

10

Static

static

10

NucleusApp.zip

windows10-1703-x64

1

EasyHook.dll

windows10-1703-x64

1

EasyHook32.dll

windows10-1703-x64

3

EasyHook32Svc.exe

windows10-1703-x64

3

EasyHook64.dll

windows10-1703-x64

1

EasyHook64Svc.exe

windows10-1703-x64

1

EasyHookSvc.exe

windows10-1703-x64

3

Ionic.Zip.Reduced.dll

windows10-1703-x64

1

Jint.dll

windows10-1703-x64

1

NAudio.dll

windows10-1703-x64

1

Newtonsoft.Json.dll

windows10-1703-x64

1

Nucleus.Gaming.dll

windows10-1703-x64

1

Nucleus.Hook32.dll

windows10-1703-x64

3

Nucleus.Hook64.dll

windows10-1703-x64

1

Nucleus.IJx64.exe

windows10-1703-x64

1

Settings.ini

windows10-1703-x64

1

gui/icons/default.png

windows10-1703-x64

3

gui/icons/icons.ini

windows10-1703-x64

1

gui/theme/...rs.png

windows10-1703-x64

3

gui/theme/...al.png

windows10-1703-x64

3

gui/theme/...al.png

windows10-1703-x64

3

utils/XInp...en.txt

windows10-1703-x64

1

utils/XInp...ja.txt

windows10-1703-x64

1

utils/XInp...en.txt

windows10-1703-x64

1

utils/XInp...en.txt

windows10-1703-x64

1

utils/XInp...us.ini

windows10-1703-x64

1

utils/XInp...lt.ini

windows10-1703-x64

1

utils/XInp...me.txt

windows10-1703-x64

1

utils/XInp...me.txt

windows10-1703-x64

1

utils/devr...er.ini

windows10-1703-x64

1

utils/x360...ce.ini

windows10-1703-x64

1

utils/x360..._3.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    6s
  • max time network
    22s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    31-07-2024 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    utils/devreorder/devreorder.ini

  • Size

    976B

  • MD5

    4ef84cf0a9c640da5d1dd64f83b10f5d

  • SHA1

    3a1458c83749cc88fccf8d24d12a881eef29cc8a

  • SHA256

    4244875196d6ae1381796f6a61383d38f6f6f24b1c72d246c20e785254647578

  • SHA512

    c29277a52ad79318de81e5af2f5749cd4a525224b628596ea391f23bd7333fd22f4b9959c1a8e9d4c720f2f55c0960c3b5ce887b1cf547d7b8bcf00211d83ee3

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\utils\devreorder\devreorder.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads