Analysis

  • max time kernel
    1s
  • max time network
    7s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240802-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    23-09-2024 09:58

General

  • Target

    NurikCrack/nurik/NursultanInstall.exe

  • Size

    303KB

  • MD5

    face0aff265464e545a9073824a5874d

  • SHA1

    04a59c0f10af4e1febaef3a70924d45df8834f4c

  • SHA256

    2fb096a7b9847060f61b8f936b5462fdc60d37b2bc1e9bb1bf03e828e92cdf48

  • SHA512

    9409ecd708da4f57b133546e1ace6aa78e99fa98de58c8e70608a7c138f7d1a0cd370d062714c68f36f441d9e9212c3e7898c6bf5df8c44b02270ba798c038e8

  • SSDEEP

    6144:y/2T6MDdbICydeBoKEG4pSJfNtvurxmI1D0Po+:y/8bEG4p6fIb1DJ+

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1255267341017550858/gDHwLRcJ5Z6vxkhOt8ckW-l8jpv2WEDTg_SHcL4h0K-yY_7I4qbWTz88XckD4XUGvzOw

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NurikCrack\nurik\NursultanInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\NurikCrack\nurik\NursultanInstall.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4644-0-0x00007FFA8A733000-0x00007FFA8A735000-memory.dmp

    Filesize

    8KB

  • memory/4644-1-0x000001D738FC0000-0x000001D739012000-memory.dmp

    Filesize

    328KB

  • memory/4644-31-0x00007FFA8A730000-0x00007FFA8B1F2000-memory.dmp

    Filesize

    10.8MB

  • memory/4644-32-0x00007FFA8A730000-0x00007FFA8B1F2000-memory.dmp

    Filesize

    10.8MB