22a6eb0862594b96fd3b3f9345f40d9e51e0514ca79729e01454e0f4586961ca

Analysis

max time kernel
95s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hackz Nuker.exe
Size

10.2MB
MD5

9c4946a5517669a8c2c1831abfafcec0
SHA1

e5fd6691b6df0dbc99078afe907a23690667c9c1
SHA256

22a6eb0862594b96fd3b3f9345f40d9e51e0514ca79729e01454e0f4586961ca
SHA512

e4a26051ee6515c4bc8528dde5906c307aac5dcf2312344b3bffbbac0c02a6be9aee8953cd33e4ac0f1d43a58c69e14e7957b162d0c10b424639c5e2dac41010
SSDEEP

196608:Zklhz/6hQWfbwen/RNrlHAjoG+IGCsXDjDyf4iZkJMrmvYqcLJUkddARQEc:OOhQOZxlHOFGCEDiZkqaLcLJUk0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 31 IoCs

pid	Process
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe
4496	Hackz Nuker.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4496	4912	Hackz Nuker.exe	84
PID 4912 wrote to memory of 4496	4912	Hackz Nuker.exe	84
PID 4496 wrote to memory of 4464	4496	Hackz Nuker.exe	85
PID 4496 wrote to memory of 4464	4496	Hackz Nuker.exe	85
PID 4464 wrote to memory of 1104	4464	cmd.exe	86
PID 4464 wrote to memory of 1104	4464	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe
  "C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls & mode 85,20 & title Hackz Nuker - Settings
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Windows\system32\mode.com
      mode 85,20
      4⤵
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI49122\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\VCRUNTIME140_1.dll

Filesize
35KB

MD5
9cff894542dc399e0a46dee017331edf

SHA1
d1e889d22a5311bd518517537ca98b3520fc99ff

SHA256
b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

SHA512
ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_asyncio.pyd

Filesize
63KB

MD5
86c1fa7f84e05043885f0e510508d409

SHA1
397806fdb6dbf7c513c18b0e56032e0eddf4a250

SHA256
69a7e18b4284aee2d796320cb81079ed4419d643dc58f342e2bee83eef1f215b

SHA512
9be67af77324add7641d1d8717a8037abc7d71573310b2df593b6d502193ce07f7a17496ed6b01546d3b9428eac1d043f8decf25be663f14d20c1402b162c76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_brotli.cp39-win_amd64.pyd

Filesize
861KB

MD5
2c7528407abfd7c6ef08f7bcf2e88e21

SHA1
ee855c0cde407f9a26a9720419bf91d7f1f283a7

SHA256
093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

SHA512
93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_bz2.pyd

Filesize
84KB

MD5
e91b4f8e1592da26bacaceb542a220a8

SHA1
5459d4c2147fa6db75211c3ec6166b869738bd38

SHA256
20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

SHA512
cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_cffi_backend.cp39-win_amd64.pyd

Filesize
178KB

MD5
8fad23c4023a62718ab512b31a58baa0

SHA1
3539b76e7cec9b73492f5c588fc80c424918eb82

SHA256
5dbadae6fff1fbfcac1937d3f0d38a75fe61ce2968240193f3ebd35d00e41ea9

SHA512
d02bfddf9b21e474eb1b43d338ff14e573f6639a67c4f9d8ca5d2b53edf13317107f42e660c3596d91650dbbff6863e12ee17c459c26aa4a0da708d6a80dab53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_ctypes.pyd

Filesize
124KB

MD5
6fe3827e6704443e588c2701568b5f89

SHA1
ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

SHA256
73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

SHA512
be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_hashlib.pyd

Filesize
64KB

MD5
7c69cb3cb3182a97e3e9a30d2241ebed

SHA1
1b8754ff57a14c32bcadc330d4880382c7fffc93

SHA256
12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

SHA512
96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_lzma.pyd

Filesize
159KB

MD5
493c33ddf375b394b648c4283b326481

SHA1
59c87ee582ba550f064429cb26ad79622c594f08

SHA256
6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16

SHA512
a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_overlapped.pyd

Filesize
45KB

MD5
0d41b13272bdf3655470f280009a67e5

SHA1
47285ca0a012fa747ec0f441266c88792847842b

SHA256
8cd7e2c9892146816357c3e045ab7571959f6355f17a2cc6d8e72c184d67be2d

SHA512
2db7d0f2210798bba2fd416876ee2f212c1d153d839f38660e7d0c6e2b5e51d96c7d400b3a477da02aa5027a3701da4341bf96a393997851c79a2ae9fb686945

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_queue.pyd

Filesize
28KB

MD5
103a38f7fbf0da48b8611af309188011

SHA1
1db9e2cb2a92243da12efdca617499eb93ddcbf8

SHA256
3bc50ac551635b9ce6fbcddea5d3d621c1216e49e9958fa24546ab8f6f2d111a

SHA512
2e6c4b9786034cbf6a6d94761ed31807657ee10edd679147c838a2e6e97a0c13acd6e59bc6e69edf1ca725f12e0f972a0de0ae4b331da46dccd687c59096a250

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_socket.pyd

Filesize
78KB

MD5
fd1cfe0f0023c5780247f11d8d2802c9

SHA1
5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

SHA256
258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

SHA512
b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_ssl.pyd

Filesize
151KB

MD5
34b1d4db44fc3b29e8a85dd01432535f

SHA1
3189c207370622c97c7c049c97262d59c6487983

SHA256
e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6

SHA512
f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_uuid.pyd

Filesize
22KB

MD5
71ab50ef5e336b855e6289b0ac3e712d

SHA1
e06c3b0d482623393d2e2179de0ff56eb99c4240

SHA256
6f1cc2d6a770f1b441dc6371decae414ea1bd509b0e37b423faa33fc98a28b7e

SHA512
345b4d664f3bc29cfb743a95f78898651f8d3d1ac1365b89690068888202ee58f59f341466f26bb94bd568b67f2d3fcf2e5f022c9c25f2ca25d5baf0aa514682

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\aiohttp\_frozenlist.cp39-win_amd64.pyd

Filesize
63KB

MD5
f2454e08f168a9af3b6aabf41c5488e3

SHA1
3ba72153103db0292c555eba4f43f37bddd43a51

SHA256
6a563a4ddc233ed5f01f8635d590366b5a078ac73a28a82d837f24bec23dd14f

SHA512
3b2008e5ff3009664d7eeafffc3c8bfe420e337177a3f6926314773d65b6622a09b192e893ec50f0b366f356c9b4768358e352cba96127f85f529ce255eb8c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\aiohttp\_helpers.cp39-win_amd64.pyd

Filesize
47KB

MD5
6815a1c38a30d6ae70027184c09adccf

SHA1
ce5afe856c4445d173c0d524f139d1aed3cc4e65

SHA256
399dfeee9a2f8c6a132c2d4d28931f4c6c0f1d1394de54b182a6457d9143a418

SHA512
efd4fa17a9611ca4337cc667b164e83745bbc4043c226e684957146c9bc2ba37c892940845ec2ff0142d3fe604654a12bf05022782d0c0c3194e4d109b5ebf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\aiohttp\_http_parser.cp39-win_amd64.pyd

Filesize
230KB

MD5
67946fe0102b3555988a8edd321946c0

SHA1
a93b16df8e9ccbfe2892e4676f58a695cde9604a

SHA256
636a925eb31c3a7de39cb9495613b13570606a0672d3e699cb6983287e0c01e3

SHA512
786a4e6c49f77bf6cffce5c98cbc66d518075309dacc4c3df286d3c3bc21f7c0cf7986bf85e374827ec7951c13acdd031e76c336bd1fb4fd265aa03a8a28dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\aiohttp\_http_writer.cp39-win_amd64.pyd

Filesize
41KB

MD5
1a518361de37d98224ff98bf47618ecf

SHA1
f81def8f71d203aaf68774f6e1158ccceb5806bc

SHA256
84e8b37d6fd0162610deb3c1d4887f70e6447850321eea846f860efc2862704b

SHA512
7ffef935ba56e2bbad0c569e63f5d33d83dfc72e10252ee259c6fff9859c4e302405a8c017012a9efa6da40ecc1de1ad3248a89404d8532b78b177a6d2ce305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\aiohttp\_websocket.cp39-win_amd64.pyd

Filesize
27KB

MD5
5fdb53cff23dc82384c70db00ada94c0

SHA1
c52391eadeafe9933682c7dbee182200b0640688

SHA256
d1c463b5c7a878ef5358a63bb0ea9e87311fe1f416f762bd18b4888c170c647f

SHA512
2d81e2eed6b4f37c4178141a24cf4475d27378a5bad3b6f8af022b185050ee9832de5db31271e5ca6e5e397f2e8a2a36edf9ca7eb6e0a9b918e3e8618c22e60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\base_library.zip

Filesize
763KB

MD5
dc1b529c08922e4812f714899d15b570

SHA1
4aae3300cb3556033e22cdb47b65d1518c4dd888

SHA256
faca55ba76983313bc00e8044be99332c13b58398c377c09108999d6bf339a6a

SHA512
2aed265d4723a8e97ac2fbed6bae1475605631f67f7987ca464b7c582b45d4cabb82ae0928396c0f756257e2c09c9b583b08bf36622f7a7694ea856101fb825c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\multidict\_multidict.cp39-win_amd64.pyd

Filesize
43KB

MD5
d70507ffb5d2f6d527e32546fd138d0e

SHA1
3c43e86ac5afa6c4064b17fcaff45be5a2bbb9d3

SHA256
9fb82e21ee4f4d37d019b7053e6be4d9eed8c92cd12a3f7211125032c6e8cb22

SHA512
15933d164c1df23bfe8960a465b6ceedb34b765861ce8cc53bb87fe37745c59f8ee132891b5dc408278b8ad78d7c098f450291350c2e577436ebf2d49ac53faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\nacl\_sodium.pyd

Filesize
336KB

MD5
f2f8c186dbb91b3dddf6aa7b44ee05d4

SHA1
95eb61564c5191e59ca5e359646e9564d77a6f97

SHA256
ca83a6731e6d49ccb86d94601b148bd4cc36ad89f9cdaae6eec46481047d13ec

SHA512
ae2c2ef8abf304cd9132add4cc2f08c4c5486ad96058351fe101788d014a04cb554dec5fab779f9a2ccb9d13ffac45dca3db89e36de163076e5b4c9ff171738e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\python3.DLL

Filesize
58KB

MD5
e438f5470c5c1cb5ddbe02b59e13ad2c

SHA1
ec58741bf0be7f97525f4b867869a3b536e68589

SHA256
1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

SHA512
bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\select.pyd

Filesize
28KB

MD5
0e3cf5d792a3f543be8bbc186b97a27a

SHA1
50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

SHA256
c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

SHA512
224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\unicodedata.pyd

Filesize
1.1MB

MD5
7af51031368619638cca688a7275db14

SHA1
64e2cc5ac5afe8a65af690047dc03858157e964c

SHA256
7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6

SHA512
fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\yarl\_quoting_c.cp39-win_amd64.pyd

Filesize
78KB

MD5
b9dbd65dd477f78e292494852ed9cfb8

SHA1
d0c78884460fc4fd9810a00c9cd728629db40da4

SHA256
e7af21ec47fa1aea28ecc7516b389102514e9e5720b4af89e7aa48b489d4a500

SHA512
ef139107342dbb251079a800f275dce170891b5ea829395b256adebee60cae4e14fc852a58b0f476b4b7d3d87cc180046e691a855e4edc62c1baace6b53ab96b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads