Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
01/07/2023, 04:20
General
-
Target
Nitro.exe
-
Size
744KB
-
MD5
cca6a61f8112ae64dd18272ae6d22c00
-
SHA1
b89c19326e250b8e02b176d4c6d6f617fa1c55d1
-
SHA256
5fe6a791be0a3438a7703bb94851f229f81e86e8e30f87818537f0382976d6c1
-
SHA512
dad78a3c209a2962fee632aadd3286bd4e5ee9efe0bfacb3d0dde13b025f68102d2a581d787cc332b1e13641815e518713970502721d28c48f7022fea562aeb6
-
SSDEEP
12288:heRtB1y90+ulRrNetMy1Yc7uKyftkXnSRWyhM5eakDm3HTiw34jFju:Kj1y9WRxeSRKuJqCrNaomOw34j8
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nitro.exe"C:\Users\Admin\AppData\Local\Temp\Nitro.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CERTUTIL.exeCERTUTIL - DECODE NAME.TXT NiITRO.EXE2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD584114ba897175da47bec94781e843739
SHA185d079f7db713c4a2607b07df043d979a8cd4aaf
SHA256a86db7bb74499c976fb00a902b905e3fea2982405344cb0f4966192f50e4dbb5
SHA512b777adf4b6c495f2752eaa6837d5df9d9b4ce29219e0f9f581c14ab5c35596d205410883821538e8eaca8a5b621fe0d961f95ef0695878afc4583a37b28efb76