Resubmissions

29/06/2023, 02:49

230629-dbah8acg2t 3

29/06/2023, 02:47

230629-dac8qacg2s 1

29/06/2023, 02:43

230629-c7zbsabg67 3

Analysis

  • max time kernel
    149s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/06/2023, 02:43

General

  • Target

    nitro-generator-master/main.py

  • Size

    3KB

  • MD5

    15e6b68cc73f5451e73b952d0cb6f9fe

  • SHA1

    c1c80ec834363e29792ba5b4adb5d7f5eafd397f

  • SHA256

    ca0979d24459cbd3e850bb6b1c65e2afa52500450994ce771902173e201a1b7d

  • SHA512

    b3863bc78200d9a4d7c3871439a19139a78ab9195036e1fbaf3b785ba449ec82d965f895175f92e211be1cbb75f2abe458f0ea3182da8ff9e5401c19cb9f4f7b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nitro-generator-master\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\nitro-generator-master\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\nitro-generator-master\main.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2028

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7dc683e78b2898fbe5be09bcbc1c5ce6

    SHA1

    4026dcd5649d7cff6d6e7afa699de755a3c06bc2

    SHA256

    c68c887c3d4935d92decf854e047faadd5f9233ac4b90eba3fb1b2a864c39ec1

    SHA512

    dc6b58edcb3c9714654cf02a4446c1745326b798e80e1d7ec129ecd387600083b0f08b4f9c53927dbd25e216e94fe9fc62244845536ee5e7cf967065dad00190