Analysis
max time kernel: 22s
max time network: 24s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2024, 12:28
Static task: static1
Behavioral task: behavioral1
  Sample: Nuclear-Free.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Nuclear-Free.exe
  Resource: win10v2004-20240802-en
General
Target: Nuclear-Free.exe
Size: 124KB
MD5: 262cc07e9bbe1eee2a04fed69fe02ca2
SHA1: 3eedd0608fc413dc66a9eac597f755faaeaa4aef
SHA256: db096016b86351bff457c1ef6149a4f2680c21d79797218807a31b9ac2af3d81
SHA512: 00789fb958107a6f631842a9f2f5abe1185c8f0fc0cf6f72cfd622e215b8c0b2d943e8e84c6b852b1e2be2ffb8aac2d848a2f2bafe2f733c529e821bf7d438d5
SSDEEP: 1536:g7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIftwNiY8z6leO4:e7DhdC6kzWypvaQ0FxyNTBftRZz6k
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: Nuclear-Free.exe)
System Network Configuration Discovery: Internet Connection Discovery (1 TTPs, 15 IoCs)
Adversaries may check for Internet connectivity on compromised systems.
  PING.EXE PIDs: 2312, 3636, 5104, 4508, 860, 3464, 1212, 3336, 3132, 4340, 772, 684, 4760, 2480, 1244
Runs ping.exe (1 TTPs, 15 IoCs)
  PING.EXE PIDs: 3464, 4760, 5104, 4508, 860, 684, 3336, 4340, 1212, 2312, 772, 3636, 1244, 3132, 2480
Suspicious use of WriteProcessMemory 48 IoCs
Processes
(indentation shows process-tree depth; each entry is image path, command line, PID)
- C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe | "C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe" | PID:4884
  Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe | "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8DD8.tmp\8DD9.tmp\8DDA.bat C:\Users\Admin\AppData\Local\Temp\Nuclear-Free.exe" | PID:3604
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:3336
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:1392
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:3132
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:5104
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:5068
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:4340
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:2312
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:4752
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:4508
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:860
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:740
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:2480
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:772
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:4996
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:684
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:3464
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:2440
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:4760
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:3636
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:4644
    - C:\Windows\system32\PING.EXE | ping -t 2 0 10 127.0.0.1 | PID:1212
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\PING.EXE | PING -n 1 -l 1000 sigma | PID:1244
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Runs ping.exe
    - C:\Windows\system32\find.exe | FIND "TTL=" | PID:3800
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: e45f09baae514b0afcad5189ac51bac1
SHA1: 9091d2b194beefe1fa4235577ae70ac8aa2d8fe6
SHA256: 445affc567a70d58a5184342b82d583e5523605a5b67a1937258aa5128a94d90
SHA512: 2d5ff1e0e299f12477e0e76582b7a4fe9da32d5443b8c8ea68988957c4b9f21c8d382795945030d56aed93f4940e93d30acc2bac97e6e28253b037406f7c79a4