Overview

overview

7

Static

static

1

nxt cleane...s .bat

windows7-x64

7

nxt cleane...s .bat

windows10-2004-x64

4

Analysis

  • max time kernel
    110s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2023, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nxt cleaner cracked as .bat

  • Size

    10KB

  • MD5

    d787252cce1e6e863a7e08f2951d1522

  • SHA1

    2e23d0692bfa09c1833489988cd344dd3b4b0958

  • SHA256

    186e096169bd80d50e25d59a3ecb776a1476404cc511a25256c5b9e10c6e2696

  • SHA512

    e75c010ec6e6ec6f3703b24456e2ce8e24ff2962f711221e3affdf748fee9a4246a828d9351351e36f5082db8a614ba798fad64a781156c1775f575eadbd25f8

  • SSDEEP

    96:hklk0k0ckjZlgD4n09a/W+/KTKASS/5ajnRNozl6OXOUvoXcv2Vdaoig+jrvL/IU:hklk0kpu/W+HUSV/HZ+4qaXU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\nxt cleaner cracked as .bat"
    1⤵
    • Deletes itself
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Windows\system32\PING.EXE
      ping -n 2 127.0.0.1
      2⤵
      • Runs ping.exe
      PID:1312
    • C:\Windows\system32\PING.EXE
      ping -n 2 127.0.0.1
      2⤵
      • Runs ping.exe
      PID:272
    • C:\Windows\system32\PING.EXE
      ping -n 2 127.0.0.1
      2⤵
      • Runs ping.exe
      PID:300
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1744
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:668
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im Origin.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://nxt.lol/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1584

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aabc5695bb32ead944fa3bbe91b1d377

    SHA1

    3d16b68239434eb76a9ec33d08fd8cccb06adb61

    SHA256

    72d1481a60087857496699b34f0c7e84210b65b0e918c137b6cddf6f9c32343f

    SHA512

    6b4d7744be8d2b34edd5abba38ea82450893446cfdb891e962477e132dfffb0002a084f8c4f3e66cc5d96d0770370a8ed66d4bf28690434a4110d0da4f345fb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7e4c3524d5e9f1f1b5a42309b3970e7

    SHA1

    a10bfd42fccabad5b4854579f8cd06ce3e23e074

    SHA256

    8702c8eab7967816a22d1fc9e149521705d6fa3a8aa9dfe796597bdb72128104

    SHA512

    2655d10dbf9bcc8e23e53f6e2cd6ee7e895f1061f651b0a247604341e4fa7a27231c68f532a800bbc3ab3fed8a821f47e7d9a522bbea756d4d19b829a9133bb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c51cc496fcf1b745f8afbcc1b51e97e8

    SHA1

    988e1a6d219842cbe44c2d1ad90d398dc9fb2572

    SHA256

    ef4e3767cb9ee5ebc3966aa8b023334f17de1076264407345eaf90c1496b5048

    SHA512

    d46c9e1add186a38abca53c7142042eb9350df814f2bc7044c18ee2a8538053fac597fc63ac7d32846ca64bdf000fcaeaec954e1adeeb7f6978d095502ff6ff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b300f1f661593c14d28b72ac11ab29c0

    SHA1

    bb850cbebd1953fdf475021c95d02f5affec347e

    SHA256

    5101f7b085256fe308dc44a61f4cb3871412d6a93484c336fd62699793956b3b

    SHA512

    71a7810a32d6f2d11b585367b2743823e80f183dd946281424dee3b542d1e3ed6a4ad3685049d7d4a0f8c2e6e4f8922cfe2194021839876b3732c5acd6c3f7c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ad100050f7e1924d79847e2f8413215

    SHA1

    c8892a8389700920f25e4d7569db685dbdd7198c

    SHA256

    3a015c42f8c86057acb98deb20e7fea4a5afc55687a75a286f7660cecbcfee7d

    SHA512

    934a2cc67e33b3fc7117183cdb0f0609dcdd83187db8d6001103ab1bceae0f559910dd96b781db9a6c6ecbcdf72430bd9eb52663df168aa40c35730a2a5e3557

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7fca64e92b3710cf2bfcfa125fd48339

    SHA1

    ce00f22a661a6ccd320cc7365ca04e56ce79cb19

    SHA256

    616f36b833d7bd2e413a134c1f01795916b7e2cb71d913ca0ad0ac5e77a2cf23

    SHA512

    aff08f7fae84a22e308f069a4792c2b91c30b56536bdd1dc7e083b5ef797f8b2c8161ffe7b98d731367fa136fbcc38755c0a20fd2ba59138590a201e107133bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6afaf235efb8bf9d4d990bf782dee3e

    SHA1

    c444c11946d62e957f28d79ada936607b5912d6f

    SHA256

    8ce9fede7c6e349badba76768906010a52f93a6a424b11b264e8f1c454f991b8

    SHA512

    0605ed96d585d29d9d4e9597ef5fc0f7b133d9aeaa29ec2a7cc663e83abe6763798f081c9c13b2959e0c84f0ca110eba6cbb90a20d4810da91e7921b48dcb596

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b1cf9195e3bfd170c663e6dc59a2d01

    SHA1

    d6c5414221fa833f3e0df6dd237a1efd4745df9d

    SHA256

    591c634127fa1d8dedcee04f9572a2de02a5d02d14604ff30cb174818d3f3e19

    SHA512

    616c3c871c366379bedb0a20a80a075e7ff1299ba7e634cdbed66181fd08653785d84d7a3e83546317fbc4a30d48fb5505c60ff6c74bde87557158ea4421f35f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    403b1528faf9d5b2468e0b6c1c5e0176

    SHA1

    50987e32075b4a4c8224f4befdde31838bdd61f1

    SHA256

    e29fc332574737be5abf4667118f54189f5738739f705a2f756c6f60667acf8e

    SHA512

    4a91b556cafc7986768dccec3c14fdd12cdc2393905ed8558aa436bff5f461d6dd5194e673ace40a8e402f91ede54c78f451d29f38b48cf78869e46dc8f39356

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbe317fc0677f6e14296ca3859c402ef

    SHA1

    d99884debdefdab8c0af7e854aedfe7d4d050517

    SHA256

    5e66a2460387a936b142e8304265f98ff2c7202c4d5dff9ca9239179e45e47f0

    SHA512

    9432d86bc0334cfa2312f8e49f6b8f7f93b0be85996c8b4965585b2dda0097968b26bb976afe2e3ee0c1ac6594c71d63668b0a1c0f8c9cb3ec21729c92672a25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a3214e2d43798f542121c4497991934

    SHA1

    bdf792b04b7abfa652172b0ce32eaf1440ef5b5e

    SHA256

    42131736c28d70b4d035e8059429e86f8ac90f03e2cac21d95273815ff94d7fe

    SHA512

    985077768da7178fd97819a2e2689ef0f93d2df148ed9ef70d405b750f879ee0182ffce605e3f890ec27aa1859a776587f259cd3e21076f3ed547347e5ec17e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab57E1.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PTJ7TT72.txt
    Filesize

    607B

    MD5

    4f29d4892f475074e09f5259420e11b7

    SHA1

    59b169c66de331aa79d7aec3f60aafba606e35eb

    SHA256

    afe6eb3a9d46ef4af444a3386e0c0e050bd9248a87c5d39c71d41a37bc310fb1

    SHA512

    5b345129adb8639587b22a3907d8eace323c62229a3ba3a59a8c0d937563497e07958f537ff88259c62b87783f15cb926759bd0aa21bdd7fd3512b9ae4e38e7e

    Download Submit