Analysis
max time kernel: 13s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 22-11-2020 01:15
Static task: static1

Behavioral task: behavioral1
Sample: gen_nitro_v2.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: gen_nitro_v2.exe
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General
Target: gen_nitro_v2.exe
Size: 9KB
MD5: 4d57846cef02d7579aa54ec73141662a
SHA1: c0d0fbd338a7bf22653dd4bad37bfff191e48764
SHA256: 7256d5031a35a7e400a8131cc484859cb1614213677220fde2d498d4078a8d75
SHA512: 793b2e12d7afe60c0f32578fc41abe28fb745218c061036461ec7adbaa97861735a57f0b44469f6657ef98900ebebf1b0be0415b7e2b15f0ea67c243ffab7132
Score: 1/10
Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description               pid   process
  Token: SeDebugPrivilege   2484  gen_nitro_v2.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                          pid   process           target process
  PID 2484 wrote to memory of 2176     2484  gen_nitro_v2.exe  cmd.exe
  PID 2484 wrote to memory of 2176     2484  gen_nitro_v2.exe  cmd.exe
  PID 2176 wrote to memory of 3736     2176  cmd.exe           choice.exe
  PID 2176 wrote to memory of 3736     2176  cmd.exe           choice.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\System32\cmd.exe
      Command line: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\gen_nitro_v2.exe"
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\system32\choice.exe
         Command line: choice /C Y /N /D Y /T 1