Overview

overview

6

Static

static

3

NitroRansomware.exe

windows10-1703-x64

6

Analysis

  • max time kernel
    7s
  • max time network
    7s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04-07-2023 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NitroRansomware.exe

  • Size

    1.5MB

  • MD5

    28f53c05fd1bcba5c6dfe308bf18b61f

  • SHA1

    044bad9f304c1d470ffcf9554c49c4d29e4df38f

  • SHA256

    badcb08d3d45a7eb38f2903b66552cea99de77e71d46157d57836d27cd122a94

  • SHA512

    7fe15578bb757839bd4f04c189972b828d3f1df53cd8449f71ec4f98c572d2c844516111f8f2ef7238c599bc4ecb7388942798f77a41d4e659f0dfe3c4b7344e

  • SSDEEP

    49152:IyYGwfZPzodngwwHv5VbtHw1kqXfd+/9AJ:IjDZbIgNhVRw1kqXf0F

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NitroRansomware.exe
    "C:\Users\Admin\AppData\Local\Temp\NitroRansomware.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4436

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4436-120-0x0000000000140000-0x00000000002CC000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4436-121-0x0000000005080000-0x000000000557E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4436-122-0x0000000004B80000-0x0000000004C12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4436-123-0x0000000004B70000-0x0000000004B80000-memory.dmp

    Filesize

    64KB

    Download