Overview

overview

7

Static

static

3

Nitro.exe

windows7-x64

7

Nitro.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2023, 04:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nitro.exe

  • Size

    744KB

  • MD5

    cca6a61f8112ae64dd18272ae6d22c00

  • SHA1

    b89c19326e250b8e02b176d4c6d6f617fa1c55d1

  • SHA256

    5fe6a791be0a3438a7703bb94851f229f81e86e8e30f87818537f0382976d6c1

  • SHA512

    dad78a3c209a2962fee632aadd3286bd4e5ee9efe0bfacb3d0dde13b025f68102d2a581d787cc332b1e13641815e518713970502721d28c48f7022fea562aeb6

  • SSDEEP

    12288:heRtB1y90+ulRrNetMy1Yc7uKyftkXnSRWyhM5eakDm3HTiw34jFju:Kj1y9WRxeSRKuJqCrNaomOw34j8

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nitro.exe
    "C:\Users\Admin\AppData\Local\Temp\Nitro.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CERTUTIL.exe
      CERTUTIL - DECODE NAME.TXT NiITRO.EXE
      2⤵
      • Executes dropped EXE
      PID:1060

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\certutil.exe
    Filesize

    1.5MB

    MD5

    84114ba897175da47bec94781e843739

    SHA1

    85d079f7db713c4a2607b07df043d979a8cd4aaf

    SHA256

    a86db7bb74499c976fb00a902b905e3fea2982405344cb0f4966192f50e4dbb5

    SHA512

    b777adf4b6c495f2752eaa6837d5df9d9b4ce29219e0f9f581c14ab5c35596d205410883821538e8eaca8a5b621fe0d961f95ef0695878afc4583a37b28efb76

    Download Submit