Analysis
- max time kernel: 3s
- max time network: 12s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 22-11-2020 01:15
Static task: static1

Behavioral task: behavioral1
- Sample: gen_nitro_v2.exe
- Resource: win7v20201028
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: gen_nitro_v2.exe
- Resource: win10v20201028
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: gen_nitro_v2.exe
- Size: 9KB
- MD5: 4d57846cef02d7579aa54ec73141662a
- SHA1: c0d0fbd338a7bf22653dd4bad37bfff191e48764
- SHA256: 7256d5031a35a7e400a8131cc484859cb1614213677220fde2d498d4078a8d75
- SHA512: 793b2e12d7afe60c0f32578fc41abe28fb745218c061036461ec7adbaa97861735a57f0b44469f6657ef98900ebebf1b0be0415b7e2b15f0ea67c243ffab7132
- Score: 7/10
Malware Config
Signatures
- Deletes itself (1 IoC)
  Processes:
    pid   process
    1896  cmd.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  1700  gen_nitro_v2.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes:
    description                       pid   process           target process
    PID 1700 wrote to memory of 1896  1700  gen_nitro_v2.exe  cmd.exe
    PID 1700 wrote to memory of 1896  1700  gen_nitro_v2.exe  cmd.exe
    PID 1700 wrote to memory of 1896  1700  gen_nitro_v2.exe  cmd.exe
    PID 1896 wrote to memory of 2004  1896  cmd.exe           choice.exe
    PID 1896 wrote to memory of 2004  1896  cmd.exe           choice.exe
    PID 1896 wrote to memory of 2004  1896  cmd.exe           choice.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe (depth 2)
    Command line: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe"
    - Deletes itself
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\choice.exe (depth 3)
      Command line: choice /C Y /N /D Y /T 1