Analysis
max time kernel: 15s
max time network: 16s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 30-06-2024 18:05
Static task: static1
Behavioral task: behavioral1
Sample: Nexus/VST/Nexus3.4.4.dll
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: Nexus/VST/Nexus3.4.4.dll
Resource: win10v2004-20240226-en
General
Target: Nexus/VST/Nexus3.4.4.dll
Size: 8.5MB
MD5: 3f5d64b7e6bf4d6f9cebe8a180ba3c2b
SHA1: 3f7d18309274daf0a39c501c71d18c1229496721
SHA256: 88961cd14b71041a5139dd58a263d00addb91b96f53db51fb57ff30bb2b46c75
SHA512: bf95fafb6f5c9330b0c3491541796710961ddb9b72a9c8458ddf2076b089c3e9a6bf24daeb348274a3109cef4aab21a1f13d95f1f66c7e3ffd2cd10c5e96701a
SSDEEP: 196608:De3Bhdgk7cBITaNXhmJGIMYga5EoiKEyQB6/jeXXl+raZgUt:DeXd1cI6XhmJWYgatTEyGXo
Malware Config
Signatures
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes: rundll32.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | rundll32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | rundll32.exe
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: rundll32.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2020 wrote to memory of 1820 | 2020 | rundll32.exe | WerFault.exe
PID 2020 wrote to memory of 1820 | 2020 | rundll32.exe | WerFault.exe
PID 2020 wrote to memory of 1820 | 2020 | rundll32.exe | WerFault.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Nexus\VST\Nexus3.4.4.dll,#1
   - Checks BIOS information in registry
   - Writes to the Master Boot Record (MBR)
   - Suspicious use of WriteProcessMemory
2. C:\Windows\system32\WerFault.exe
   Command line: C:\Windows\system32\WerFault.exe -u -p 2020 -s 340
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/2020-1-0x000007FEF4A80000-0x000007FEF5F81000-memory.dmp (Filesize: 21.0MB)
memory/2020-2-0x000007FEF3570000-0x000007FEF4A71000-memory.dmp (Filesize: 21.0MB)
memory/2020-3-0x000007FEF4A80000-0x000007FEF5F81000-memory.dmp (Filesize: 21.0MB)
memory/2020-4-0x0000000000180000-0x0000000000185000-memory.dmp (Filesize: 20KB)
memory/2020-5-0x000007FEF3570000-0x000007FEF4A71000-memory.dmp (Filesize: 21.0MB)