General
Target: nukewin.exe
Size: 2.8MB
Sample: 250503-mefdbagq4y
MD5: 169fa148fd48e54485cf2cc844c19685
SHA1: d8032d8ab9cd67f13b778cc655776cfdbcc86e07
SHA256: 61bf83fca05e85810e2dcaaf798990e7509dd7d1d386b5a263011da655c20961
SHA512: a9f67c539721c63d9092af12fe1bc725ab62b04f6809eb6f207156e9e843fe666ffd73afc8d16ad89fb7276b0f640985a64949c6cc1a94c91daf608d07f680a1
SSDEEP: 49152:3MK1kjs1ElnRFH+sOVBIyYZqCyma5rWH/4:3Ojfz6bCsWHw
Static task: static1
Behavioral task: behavioral1
Sample: nukewin.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
-
Modifies security service
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies system executable filetype association
-
MITRE ATT&CK Enterprise v16
Persistence
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 3
  Change Default File Association: 1
  Component Object Model Hijacking: 1
  Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 3
  Change Default File Association: 1
  Component Object Model Hijacking: 1
  Netsh Helper DLL: 1