Analysis
-
max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
13-11-2024 17:10
Behavioral task
behavioral1
Sample
nurikalfa.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
nurikalfa.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
4lena.pyc
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
4lena.pyc
Resource
win10v2004-20241007-en
General
-
Target
nurikalfa.exe
-
Size
63.1MB
-
MD5
35800d699502850b5665b109c0d266e7
-
SHA1
73e57d84aa043eb4d5cabb0488b6b76fcabe5be8
-
SHA256
b68cf8f600b5ad9107988a8f73fec054852416853dcf4b1b66c9bd63324baefe
-
SHA512
a52a3ea17ff67dbfa48bcdaf06ca326ecdafdf2ef3db5e7ddfd1cd296c4dda65859012369f054910790e2ddc600b57796e4ae40982e934e8a472920b2cf236f1
-
SSDEEP
1572864:X58eLX5WJoWbgWRSgkNOXWxtQSNfiI+sOX6yEpiyD:uYX5M3gbcKCW+nX3E8
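Before relying on any of the indicators on this page, check that the file in hand is the one the report describes. The following is an added example, not part of the Triage report: it recomputes the four digests listed above over a local copy and compares them field by field. The file path is an assumption, and SSDEEP is left out because it is not in the Python standard library.

```python
import hashlib
import io

# Digests of nurikalfa.exe exactly as listed in the General section above.
REPORTED = {
    "md5": "35800d699502850b5665b109c0d266e7",
    "sha1": "73e57d84aa043eb4d5cabb0488b6b76fcabe5be8",
    "sha256": "b68cf8f600b5ad9107988a8f73fec054852416853dcf4b1b66c9bd63324baefe",
    "sha512": ("a52a3ea17ff67dbfa48bcdaf06ca326ecdafdf2ef3db5e7ddfd1cd296c4dda65"
               "859012369f054910790e2ddc600b57796e4ae40982e934e8a472920b2cf236f1"),
}

HASHERS = {"md5": hashlib.md5, "sha1": hashlib.sha1,
           "sha256": hashlib.sha256, "sha512": hashlib.sha512}
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(expected):
    """Guard against digests truncated or mangled while copying from the report."""
    return all(
        name in expected
        and len(expected[name]) == length
        and all(c in "0123456789abcdef" for c in expected[name].lower())
        for name, length in HEX_LENGTHS.items()
    )


def digest_stream(fobj, chunk_size=1 << 20):
    """Hash a file object once, feeding every chunk to all four hashers.

    The sample is 63.1MB, so the file is streamed rather than read whole."""
    hashers = {name: ctor() for name, ctor in HASHERS.items()}
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_stream(io.BytesIO(data))


def compare(actual, expected):
    """Per-algorithm match table; a single False means this is not the reported file."""
    return {name: actual[name] == expected[name].lower() for name in expected}


def verify_file(path, expected=REPORTED):
    """Return the match table for the file at `path` (path is an assumption)."""
    if not well_formed(expected):
        raise ValueError("expected digest set is malformed; re-copy it from the report")
    with open(path, "rb") as f:
        return compare(digest_stream(f), expected)


if __name__ == "__main__":
    # Hypothetical local path; adjust to wherever the sample was saved.
    for algo, ok in verify_file("nurikalfa.exe").items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
```

All four comparisons should agree; a partial match (for example MD5 matching but SHA256 not) is itself worth investigating, since it means the digest set on the page or the file on disk has been tampered with or mis-copied.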
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
pid   Process
2124  nurikalfa.exe
2124  nurikalfa.exe
2124  nurikalfa.exe
2124  nurikalfa.exe
2124  nurikalfa.exe
2124  nurikalfa.exe
2124  nurikalfa.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description                        pid   Process        procid_target
PID 2104 wrote to memory of 2124   2104  nurikalfa.exe  32
PID 2104 wrote to memory of 2124   2104  nurikalfa.exe  32
PID 2104 wrote to memory of 2124   2104  nurikalfa.exe  32
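The two signature tables above are easier to reason about once correlated: the WriteProcessMemory rows give the writer's PID and image, and the "Loads dropped DLL" rows give the image of the process being written to. The following is an added example, not part of the Triage report; it parses both tables as the page extractor flattened them (the input strings are copied from the rows above) and reports who wrote into whom, how often, and how many dropped-DLL loads the target performed.

```python
import re
from collections import Counter

# Constructed input: the two signature tables from this report, flattened
# one table per string in Triage's column order.
#   "Loads dropped DLL"                    -> pid, Process
#   "Suspicious use of WriteProcessMemory" -> description, pid, Process, procid_target
LOADS_DROPPED_DLL = (
    "2124 nurikalfa.exe 2124 nurikalfa.exe 2124 nurikalfa.exe 2124 nurikalfa.exe "
    "2124 nurikalfa.exe 2124 nurikalfa.exe 2124 nurikalfa.exe"
)
WRITE_PROCESS_MEMORY = (
    "PID 2104 wrote to memory of 2124 2104 nurikalfa.exe 32 "
    "PID 2104 wrote to memory of 2124 2104 nurikalfa.exe 32 "
    "PID 2104 wrote to memory of 2124 2104 nurikalfa.exe 32"
)

LOAD_ROW = re.compile(r"(\d+) (\S+)")
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_dll_loads(text):
    """One (pid, image) tuple per 'Loads dropped DLL' row."""
    return [(int(pid), image) for pid, image in LOAD_ROW.findall(text)]


def parse_wpm(text):
    """One dict per 'Suspicious use of WriteProcessMemory' row.

    The description's source PID and the pid column must agree; a mismatch
    means the flattened row was split at the wrong place."""
    rows = []
    for src, dst, pid, image, target_idx in WPM_ROW.findall(text):
        if src != pid:
            raise ValueError(f"inconsistent row: description says {src}, pid column says {pid}")
        rows.append({
            "source_pid": int(src),
            "target_pid": int(dst),
            "source_image": image,
            "procid_target": int(target_idx),  # Triage's index of the target process
        })
    return rows


def summarize(dll_text, wpm_text):
    """Correlate the two tables into one record per (writer, target) pair."""
    dll_loads = parse_dll_loads(dll_text)
    image_by_pid = {pid: image for pid, image in dll_loads}
    loads_per_pid = Counter(pid for pid, _ in dll_loads)

    writes = Counter()
    for row in parse_wpm(wpm_text):
        image_by_pid.setdefault(row["source_pid"], row["source_image"])
        writes[(row["source_pid"], row["target_pid"])] += 1

    return [
        {
            "source": (src, image_by_pid.get(src)),
            "target": (dst, image_by_pid.get(dst)),
            "writes": count,
            "target_dropped_dll_loads": loads_per_pid.get(dst, 0),
        }
        for (src, dst), count in writes.items()
    ]


if __name__ == "__main__":
    for rec in summarize(LOADS_DROPPED_DLL, WRITE_PROCESS_MEMORY):
        print(rec)
```

For this report the result is a single pair: 2104 (nurikalfa.exe) wrote into 2124 (nurikalfa.exe) three times, and 2124 is the process that loaded the seven dropped DLLs. Whether that second process was a child of the first is not stated in the rows above and has to be confirmed from the process tree.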
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
18KB
MD5
19df2b0f78dc3d8c470e836bae85e1ff
SHA1
03f2b5b848a51ee52980bf8595c559b89865de07
SHA256
bd9e07bbc62ce82dbc30c23069a17fbfa17f1c26a9c19e50fe754d494e6cd0b1
SHA512
c1c2b97f484e640bfdda17f7ed604d0583c3d4eaf21abf35491ccedc37fa4866480b59a692776687e5fda3eaeafb4c7bdb34dec91f996fd377a328a89c8d5724
-
Filesize
18KB
MD5
adb3471f89e47cd93b6854d629906809
SHA1
2cfc0c379fd7f23db64d15bdff2925778ff65188
SHA256
355633a84db0816ab6a340a086fb41c65854c313bd08d427a17389c42a1e5b69
SHA512
f53e11aa35911d226b676d454e873d0e84c189dd1caea8a0fe54d738933cd6b139eca48630f37f5979ef898950d99f3277cba6c7a697103f505d876bea62818c
-
Filesize
20KB
MD5
6b4f2ca3efceb2c21e93f92cdc150a9d
SHA1
2532af7a64ef4b5154752f61290dcf9ebeea290f
SHA256
b39a515b9e48fc6589703d45e14dcea2273a02d7fa6f2e1d17985c0228d32564
SHA512
63a42dd1cb95fd38ddde562108c78e39cb5d7c9406bf749339e717c2cd866f26268d49b6bd966b338de1c557a426a01a24c2480f64762fef587bc09d44ada53b
-
Filesize
18KB
MD5
247061d7c5542286aeddade76897f404
SHA1
7285f85440b6eff8731943b73502f58ae40e95a2
SHA256
ccb974c24ddfa7446278ca55fc8b236d0605d2caaf273db8390d1813fc70cd5b
SHA512
23ef467f6bb336d3e8c38000d30a92dac68e2662891863475ff18dbddbbbce909c12d241b86dbdea085e7d19c82cd20d80a60ffb2845f6afebedf06507afe5bc
-
Filesize
18KB
MD5
bdd63ea2508c27b43e6d52b10da16915
SHA1
2a379a1ac406f70002f200e1af4fed95b62e7cb8
SHA256
7d4252ab1b79c5801b58a08ce16efd3b30d8235733028e5823f3709bd0a98bcf
SHA512
b0393f0d2eb2173766238d2139ae7dea7a456606f7cb1b0e8bc0375a405bc25d28ef1c804802dddb5c3dbd88cfd047bfa5c93cbb475d1d6b5a9a893b51e25128
-
Filesize
5.5MB
MD5
d06da79bfd21bb355dc3e20e17d3776c
SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf
SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1
SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a
-
Filesize
959KB
MD5
34168a4af676d6a5733bbf7a0905d3c7
SHA1
ba63e51ab3cd90666eb9a9bb0232502a5ec629ff
SHA256
2ab2a74bcb5bfd8248d232eb3bc56698fb5173b9ff7fc0daf87d8120d0f448d7
SHA512
c049c166b2b00dc30b0edae5d78badfffea7fb105f0cff9f3ae2c947ddf3ecde6331855b7ebed3f4ce923cc365b053b3a679319b2c6efa85ed0b9a7ddb5676ab