51fc8dc03eca49528064dc469aafa0d1df10bd5a48a22896dfc4c5cc5f8899a5

Analysis

max time kernel
93s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-01-2025 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nigger.exe
Size

903KB
MD5

72524fbc022c3beb0550f62e5e727343
SHA1

8671520865d2c9c31e63c4c8c5405bc6e16d30d1
SHA256

51fc8dc03eca49528064dc469aafa0d1df10bd5a48a22896dfc4c5cc5f8899a5
SHA512

a09077f5b6cfd692e7b088ed1c9da6ce4afc52ab1f60bce6f5968069d85ae78fe1bf23de185443e1ed01da01b262cc5c63e6a4cecca0bf8f5fac8a3aebe90157
SSDEEP

12288:r8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBH:Y3s4MROxnF9LqrZlI0AilFEvxHiho

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	nigger.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	nigger.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	nigger.exe
File created	C:\Windows\assembly\Desktop.ini	nigger.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	nigger.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 3600	4580	nigger.exe	77
PID 4580 wrote to memory of 3600	4580	nigger.exe	77
PID 3600 wrote to memory of 4728	3600	csc.exe	79
PID 3600 wrote to memory of 4728	3600	csc.exe	79

C:\Users\Admin\AppData\Local\Temp\nigger.exe
"C:\Users\Admin\AppData\Local\Temp\nigger.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mvd_msfb.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9403.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9402.tmp"
    3⤵
    PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES9403.tmp

Filesize
1KB

MD5
65847ff97e9aab0a8e6eca36d833b536

SHA1
063d4a22bd5a32f9e08919200f860361f6563bca

SHA256
a718032dd05b02b529c76632ed70662e274bf1ebf24cfc8de9bd3b8e61b2d16c

SHA512
72abb9fb51f4c96c64656fed9662dae6cc2043451d07813970dd3e6341cfff5e5cba9a0f173a44caab512c2d849f6712d766505f65d4ce92046e8f77edf01a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\mvd_msfb.dll

Filesize
76KB

MD5
fdbc3425a7e52e464a2ecec7498558c1

SHA1
bf34fc7f43118bb49aa25d681e80e4f83aa0ad7a

SHA256
0176f3ac62cec00ae8a522bc42d2c0ce9cdcacfb71b2b5d81a93d2ceff7cf9c0

SHA512
7f5c6bf33c404540da750f6c3f698c4480c48a6c6636527a7bed0ed3f47926db5ff991ebc0a71d92dcae8c3ddd47f08087a22adc0570bd0cc91cb7970d26a8fc

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9402.tmp

Filesize
676B

MD5
0d527f1773899bbba56e9f6c74c40a9c

SHA1
f9b23171c1f4bed89ccb039a3c6dadb59dfa77ce

SHA256
7291073ac869582db3029e8383debc4c2222936c8ce10c92493c9ca127e7fa25

SHA512
f801471e925f5d38b1561c2bac94609e05447969cc2430748b86d16a7c62133641b8252446dd44a018e58ef2660b52010d6a74603a0916e956520b2ccdadeb8a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mvd_msfb.0.cs

Filesize
208KB

MD5
baf44e58daf11ad1ab5fa63b8da48beb

SHA1
4aeaaf51b2bc42d1f63c0be08fc94faa94d749bf

SHA256
2b721f67919a9d21b6982bfb0bba22416daa8292b546fad8cd8dc56486cf77ea

SHA512
d00b49a64a8e2beb062a5dd84fc2977d3e1d4cfd469eaab86a2a0f09acda535f4d96fa7d8fcb2b64bca39f2b8490cb68cb778f58600f17dfc52fd3bf4bf7d8ae

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mvd_msfb.cmdline

Filesize
349B

MD5
237e33262631bd989af8c4f62d55643e

SHA1
d427f18e12d647228626b4367af74fb36f32aee2

SHA256
10de1bb3cbcdd27d7298e08262d658719bb1a36edf6fad26be252ad0cad9f4d5

SHA512
a7ebea50cf19f37a05c0379bbd8396eed52d825be56c84b2942fe9552b6b8928b5fddfb5f03419856651b0a915cb2f8d1de71338a6348f7774ebd6ee08926326

Download Submit
memory/3600-21-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download
memory/3600-14-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download
memory/4580-0-0x00007FFE9DD65000-0x00007FFE9DD66000-memory.dmp

Filesize
4KB

Download
memory/4580-8-0x000000001C210000-0x000000001C2AC000-memory.dmp

Filesize
624KB

Download
memory/4580-7-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download
memory/4580-5-0x000000001B760000-0x000000001B76E000-memory.dmp

Filesize
56KB

Download
memory/4580-2-0x000000001B580000-0x000000001B5DC000-memory.dmp

Filesize
368KB

Download
memory/4580-6-0x000000001BCA0000-0x000000001C16E000-memory.dmp

Filesize
4.8MB

Download
memory/4580-23-0x000000001B7A0000-0x000000001B7B6000-memory.dmp

Filesize
88KB

Download
memory/4580-1-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download
memory/4580-25-0x000000001B470000-0x000000001B482000-memory.dmp

Filesize
72KB

Download
memory/4580-26-0x000000001B440000-0x000000001B448000-memory.dmp

Filesize
32KB

Download
memory/4580-27-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download
memory/4580-29-0x00007FFE9DAB0000-0x00007FFE9E451000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads