Reads data out of its own binary image Show sources
| api_process_name | process: 2fe9b1b874c6bc2bf266e81d3ff9a483b50ec40c.exe, pid: 2300, offset: 0x00000000, length: 0x0004d000 |
| api_process_name | process: 2fe9b1b874c6bc2bf266e81d3ff9a483b50ec40c.exe, pid: 2300, offset: 0x000093de, length: 0x00000688 |
| api_process_name | process: nioocem.exe, pid: 2408, offset: 0x00000000, length: 0x0004d000 |
| api_process_name | process: nioocem.exe, pid: 2408, offset: 0x000093de, length: 0x00000688 |
Attempts to connect to a dead IP:Port (1 unique times) Show sources
| network_host_ip | 77.247.183.155:8000 (Netherlands) |
Attempts to disable Windows Auto Updates Show sources
| registry_write | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate |
Drops a binary and executes it Show sources
| file_dropped | C:\Users\user\nioocem.exe |
Installs itself for autorun at Windows startup Show sources
| registry_write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\nioocem |
| data | C:\Users\user\nioocem.exe /b |
Attempts to modify Explorer settings to prevent hidden files from being displayed Show sources
| registry_write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden |
Creates a hidden or system file Show sources
| file_write | C:\Users\user\nioocem.exe |