40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a

Resubmissions

20/02/2024, 20:52

240220-zntzaafd27 10

20/02/2024, 20:43

240220-zhst2afc62 10

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nitro Generator.exe
Size

18.4MB
MD5

8e3e0737df3744affe6aa9cc8c0bacc4
SHA1

726d05d5b06a39216dab21facdc2e27705465cb4
SHA256

178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb
SHA512

5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f
SSDEEP

393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1440	Nitro Generator.exe
1440	Nitro Generator.exe
1440	Nitro Generator.exe
1440	Nitro Generator.exe
1440	Nitro Generator.exe
1440	Nitro Generator.exe
1440	Nitro Generator.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x000500000001a49d-163.dat	upx
behavioral3/files/0x000500000001a49d-164.dat	upx
behavioral3/memory/1440-165-0x000007FEF5890000-0x000007FEF5CFE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 1440	2908	Nitro Generator.exe	28
PID 2908 wrote to memory of 1440	2908	Nitro Generator.exe	28
PID 2908 wrote to memory of 1440	2908	Nitro Generator.exe	28

C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe
  "C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe"
  2⤵
  - Loads dropped DLL
  PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5a72a803df2b425d5aaff21f0f064011

SHA1
4b31963d981c07a7ab2a0d1a706067c539c55ec5

SHA256
629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

SHA512
bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\python310.dll

Filesize
880KB

MD5
f8652392b7f63d0820488d6034c85c6d

SHA1
c04bcb83ebc29799fb66d4d643d3f99ab8aedf4e

SHA256
a1e0bae429e6e0c08674db501581aa7564ca7c85ec78cbe7a6c1231343701c5b

SHA512
782cafb23ebedfba8573e5401ea3fbf6958f09ce5d05bdd5a2349a3e97d9a43aa063bb7ab16171401b6cd69ffdc020c739787c433b611399f8a7de769db0d77a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\ucrtbase.dll

Filesize
1011KB

MD5
849959a003fa63c5a42ae87929fcd18b

SHA1
d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

SHA256
6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

SHA512
64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
721b60b85094851c06d572f0bd5d88cd

SHA1
4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

SHA256
dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

SHA512
430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1ed0b196ab58edb58fcf84e1739c63ce

SHA1
ac7d6c77629bdee1df7e380cc9559e09d51d75b7

SHA256
8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2

SHA512
e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7e8b61d27a9d04e28d4dae0bfa0902ed

SHA1
861a7b31022915f26fb49c79ac357c65782c9f4b

SHA256
1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c

SHA512
1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
91a2ae3c4eb79cf748e15a58108409ad

SHA1
d402b9df99723ea26a141bfc640d78eaf0b0111b

SHA256
b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34

SHA512
8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\python310.dll

Filesize
1.2MB

MD5
79911b6e17432c953aee65453f0bb45d

SHA1
f123bc0ce33a83324ca8f7107c18601875e58035

SHA256
0e9015e1e1765325a010e613ffc5ad0069d1deac7be1f488acaaee6682e973d3

SHA512
1656232a1e57fe9eb43e2da2fc11ad4d5a1c41a6b4c2cb1604a001b12def6e9e088a8a82266e8f57743cfea0ddc769b566a945202198f27a5621e252c77a9180

Download Submit
memory/1440-165-0x000007FEF5890000-0x000007FEF5CFE000-memory.dmp

Filesize
4.4MB

Download