Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Nuclear-Free.exe

windows7-x64

3

Nuclear-Free.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    22s
  • max time network
    24s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 12:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nuclear-Free.exe

  • Size

    124KB

  • MD5

    262cc07e9bbe1eee2a04fed69fe02ca2

  • SHA1

    3eedd0608fc413dc66a9eac597f755faaeaa4aef

  • SHA256

    db096016b86351bff457c1ef6149a4f2680c21d79797218807a31b9ac2af3d81

  • SHA512

    00789fb958107a6f631842a9f2f5abe1185c8f0fc0cf6f72cfd622e215b8c0b2d943e8e84c6b852b1e2be2ffb8aac2d848a2f2bafe2f733c529e821bf7d438d5

  • SSDEEP

    1536:g7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIftwNiY8z6leO4:e7DhdC6kzWypvaQ0FxyNTBftRZz6k

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 15 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 15 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe
    "C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8DD8.tmp\8DD9.tmp\8DDA.bat C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3604
      • C:\Windows\system32\PING.EXE
        PING -n 1 -l 1000 sigma
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:3336
      • C:\Windows\system32\find.exe
        FIND "TTL="
        3⤵
          PID:1392
        • C:\Windows\system32\PING.EXE
          ping -t 2 0 10 127.0.0.1
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3132
        • C:\Windows\system32\PING.EXE
          PING -n 1 -l 1000 sigma
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:5104
        • C:\Windows\system32\find.exe
          FIND "TTL="
          3⤵
            PID:5068
          • C:\Windows\system32\PING.EXE
            ping -t 2 0 10 127.0.0.1
            3⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:4340
          • C:\Windows\system32\PING.EXE
            PING -n 1 -l 1000 sigma
            3⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:2312
          • C:\Windows\system32\find.exe
            FIND "TTL="
            3⤵
              PID:4752
            • C:\Windows\system32\PING.EXE
              ping -t 2 0 10 127.0.0.1
              3⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:4508
            • C:\Windows\system32\PING.EXE
              PING -n 1 -l 1000 sigma
              3⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:860
            • C:\Windows\system32\find.exe
              FIND "TTL="
              3⤵
                PID:740
              • C:\Windows\system32\PING.EXE
                ping -t 2 0 10 127.0.0.1
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2480
              • C:\Windows\system32\PING.EXE
                PING -n 1 -l 1000 sigma
                3⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:772
              • C:\Windows\system32\find.exe
                FIND "TTL="
                3⤵
                  PID:4996
                • C:\Windows\system32\PING.EXE
                  ping -t 2 0 10 127.0.0.1
                  3⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:684
                • C:\Windows\system32\PING.EXE
                  PING -n 1 -l 1000 sigma
                  3⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:3464
                • C:\Windows\system32\find.exe
                  FIND "TTL="
                  3⤵
                    PID:2440
                  • C:\Windows\system32\PING.EXE
                    ping -t 2 0 10 127.0.0.1
                    3⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:4760
                  • C:\Windows\system32\PING.EXE
                    PING -n 1 -l 1000 sigma
                    3⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:3636
                  • C:\Windows\system32\find.exe
                    FIND "TTL="
                    3⤵
                      PID:4644
                    • C:\Windows\system32\PING.EXE
                      ping -t 2 0 10 127.0.0.1
                      3⤵
                      • System Network Configuration Discovery: Internet Connection Discovery
                      • Runs ping.exe
                      PID:1212
                    • C:\Windows\system32\PING.EXE
                      PING -n 1 -l 1000 sigma
                      3⤵
                      • System Network Configuration Discovery: Internet Connection Discovery
                      • Runs ping.exe
                      PID:1244
                    • C:\Windows\system32\find.exe
                      FIND "TTL="
                      3⤵
                        PID:3800

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\8DD8.tmp\8DD9.tmp\8DDA.bat
                    Filesize

                    1KB

                    MD5

                    e45f09baae514b0afcad5189ac51bac1

                    SHA1

                    9091d2b194beefe1fa4235577ae70ac8aa2d8fe6

                    SHA256

                    445affc567a70d58a5184342b82d583e5523605a5b67a1937258aa5128a94d90

                    SHA512

                    2d5ff1e0e299f12477e0e76582b7a4fe9da32d5443b8c8ea68988957c4b9f21c8d382795945030d56aed93f4940e93d30acc2bac97e6e28253b037406f7c79a4

                    Download Submit