Analysis
-
max time kernel
93s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-06-2024 16:44
General
-
Target
Nyx.exe
-
Size
3.5MB
-
MD5
00ec60cd1add4a2f61e48c7b0a6c810f
-
SHA1
174af7f09725d67d522e65066d3e3662da50a4e2
-
SHA256
df4da6874570d3e753519898684bbad60378725d24f9557f5d5294fcfd795a29
-
SHA512
244afaa72bea7b46633dbaf79bdac388dfaf190e88d3a7675d16b36cfaeb39e9b47f1dc6ac1ddc059c64e091dfff562460ac83f9e669e42c3f90ac9fc44c1003
-
SSDEEP
98304:zcwncs4fUCBRTna03MfhwbIZosECIMRvl:Ywnc3HdahZ4IgCr
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nyx.exe"C:\Users\Admin\AppData\Local\Temp\Nyx.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 14762⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2944 -ip 29441⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2944-0-0x0000000000330000-0x0000000000C70000-memory.dmpFilesize
9.2MB
-
memory/2944-5-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-4-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-3-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-2-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-1-0x00000000759D0000-0x00000000759D1000-memory.dmpFilesize
4KB
-
memory/2944-6-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-7-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-10-0x0000000000330000-0x0000000000C70000-memory.dmpFilesize
9.2MB
-
memory/2944-11-0x0000000000330000-0x0000000000C70000-memory.dmpFilesize
9.2MB
-
memory/2944-12-0x0000000006AB0000-0x0000000007054000-memory.dmpFilesize
5.6MB
-
memory/2944-13-0x00000000037A0000-0x0000000003832000-memory.dmpFilesize
584KB
-
memory/2944-14-0x0000000003770000-0x000000000377A000-memory.dmpFilesize
40KB
-
memory/2944-16-0x00000000759B0000-0x0000000075AA0000-memory.dmpFilesize
960KB
-
memory/2944-17-0x0000000000330000-0x0000000000C70000-memory.dmpFilesize
9.2MB