Analysis

  • max time kernel
    53s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-09-2024 09:58

General

  • Target

    NurikCrack/nurik/NursultanInstall.exe

  • Size

    303KB

  • MD5

    face0aff265464e545a9073824a5874d

  • SHA1

    04a59c0f10af4e1febaef3a70924d45df8834f4c

  • SHA256

    2fb096a7b9847060f61b8f936b5462fdc60d37b2bc1e9bb1bf03e828e92cdf48

  • SHA512

    9409ecd708da4f57b133546e1ace6aa78e99fa98de58c8e70608a7c138f7d1a0cd370d062714c68f36f441d9e9212c3e7898c6bf5df8c44b02270ba798c038e8

  • SSDEEP

    6144:y/2T6MDdbICydeBoKEG4pSJfNtvurxmI1D0Po+:y/8bEG4p6fIb1DJ+

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1255267341017550858/gDHwLRcJ5Z6vxkhOt8ckW-l8jpv2WEDTg_SHcL4h0K-yY_7I4qbWTz88XckD4XUGvzOw

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NurikCrack\nurik\NursultanInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\NurikCrack\nurik\NursultanInstall.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 3156

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3156-0-0x00007FFF213E3000-0x00007FFF213E5000-memory.dmp
    Filesize

    8KB

  • memory/3156-1-0x00000258F4D90000-0x00000258F4DE2000-memory.dmp
    Filesize

    328KB

  • memory/3156-33-0x00007FFF213E0000-0x00007FFF21EA1000-memory.dmp
    Filesize

    10.8MB

  • memory/3156-34-0x00007FFF213E0000-0x00007FFF21EA1000-memory.dmp
    Filesize

    10.8MB