2b54aff4c483ced32911e5f884e8719c0a453e95e836804dbac902e52682dc95

Analysis

max time kernel
19s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 07:56

Target

NitroGen/setup.exe
Size

2.5MB
MD5

b55c06303f9c7f911a2af581dda35dd9
SHA1

e9969d40afe53a03f1af8b10dc9650621e5d128d
SHA256

0184f5c68e4d98a5bfab889b66ac59f81e24b6939b15222021ba904172641819
SHA512

44cd6fc23e0c65fc7b6cfa366a5a0935c9557f8d79a0c80dc18de8afc25bec7704526ab52032771d56e89a4c2626647e4518e7ca7c163128db748db08c2216c1
SSDEEP

24576:EZTqr7G0hOkahtzTx+VhaRO1lD6mepV6yMacTVBV1/AAb:En0hOkaL/YKkaBc5BZRb

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2212 set thread context of 4420	2212	setup.exe	91

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 4416	2212	setup.exe	90
PID 2212 wrote to memory of 4416	2212	setup.exe	90
PID 2212 wrote to memory of 4416	2212	setup.exe	90
PID 2212 wrote to memory of 4416	2212	setup.exe	90
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91
PID 2212 wrote to memory of 4420	2212	setup.exe	91

C:\Users\Admin\AppData\Local\Temp\NitroGen\setup.exe
"C:\Users\Admin\AppData\Local\Temp\NitroGen\setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4416
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4420

memory/2212-135-0x00000000004D0000-0x0000000000677000-memory.dmp

Filesize
1.7MB

Download
memory/2212-133-0x00000000004D0000-0x0000000000677000-memory.dmp

Filesize
1.7MB

Download
memory/4420-139-0x0000000007320000-0x0000000007330000-memory.dmp

Filesize
64KB

Download
memory/4420-136-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/4420-137-0x00000000076C0000-0x0000000007C64000-memory.dmp

Filesize
5.6MB

Download
memory/4420-138-0x00000000071F0000-0x0000000007282000-memory.dmp

Filesize
584KB

Download
memory/4420-134-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4420-140-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/4420-141-0x0000000008290000-0x00000000088A8000-memory.dmp

Filesize
6.1MB

Download
memory/4420-142-0x0000000007470000-0x0000000007482000-memory.dmp

Filesize
72KB

Download
memory/4420-143-0x00000000075A0000-0x00000000076AA000-memory.dmp

Filesize
1.0MB

Download
memory/4420-144-0x00000000074D0000-0x000000000750C000-memory.dmp

Filesize
240KB

Download
memory/4420-145-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/4420-146-0x0000000007320000-0x0000000007330000-memory.dmp

Filesize
64KB

Download