40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a

Resubmissions

20/02/2024, 20:52

240220-zntzaafd27 10

20/02/2024, 20:43

240220-zhst2afc62 10

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nitro Generator.exe
Size

18.4MB
MD5

8e3e0737df3744affe6aa9cc8c0bacc4
SHA1

726d05d5b06a39216dab21facdc2e27705465cb4
SHA256

178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb
SHA512

5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f
SSDEEP

393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2984	Nitro Generator.exe
2984	Nitro Generator.exe
2984	Nitro Generator.exe
2984	Nitro Generator.exe
2984	Nitro Generator.exe
2984	Nitro Generator.exe
2984	Nitro Generator.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a453-163.dat	upx
behavioral1/files/0x000500000001a453-164.dat	upx
behavioral1/memory/2984-165-0x000007FEF60F0000-0x000007FEF655E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2984	2448	Nitro Generator.exe	28
PID 2448 wrote to memory of 2984	2448	Nitro Generator.exe	28
PID 2448 wrote to memory of 2984	2448	Nitro Generator.exe	28

C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe
  "C:\Users\Admin\AppData\Local\Temp\Nitro Generator.exe"
  2⤵
  - Loads dropped DLL
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7e8b61d27a9d04e28d4dae0bfa0902ed

SHA1
861a7b31022915f26fb49c79ac357c65782c9f4b

SHA256
1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c

SHA512
1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24482\python310.dll

Filesize
186KB

MD5
1b5dfb2c7ff89cb0a35d9f4b289fa231

SHA1
2de855135039483d284bb7d889c3bae3f4f40b51

SHA256
bbb0971ee28e568a680c88f1ceaf909184dafd8f823953c6bbc107e384a80837

SHA512
c25a432d54f7991ac9bce72de056bc2065cd1e76fd448931a5da50367d8e0b145c98ef6cd1b92ba606af3d16ee929a702874013e37a03d2169ffb54afe321cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24482\ucrtbase.dll

Filesize
214KB

MD5
04191958d0a40ec2e7a72856d88b0936

SHA1
86af89c7b40a7d81d49eeb3fd63ea4da45564caa

SHA256
98fd7aef2bba2606b2e74a9deb0d17514f5853d44663cb9979a576e0ec8b4e8a

SHA512
af55cf1b85061213fd76c561bcdbd9edecb0ecec8dbbd5c698bf081ef59b8257063c0df025e2d773064d4e1d3cce35ab30239ddddf778403c45153727da2af71

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5a72a803df2b425d5aaff21f0f064011

SHA1
4b31963d981c07a7ab2a0d1a706067c539c55ec5

SHA256
629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

SHA512
bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
721b60b85094851c06d572f0bd5d88cd

SHA1
4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

SHA256
dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

SHA512
430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1ed0b196ab58edb58fcf84e1739c63ce

SHA1
ac7d6c77629bdee1df7e380cc9559e09d51d75b7

SHA256
8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2

SHA512
e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
91a2ae3c4eb79cf748e15a58108409ad

SHA1
d402b9df99723ea26a141bfc640d78eaf0b0111b

SHA256
b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34

SHA512
8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\python310.dll

Filesize
78KB

MD5
deb69c888cf6d46e76b43bba1bdf6d00

SHA1
837144c6b85139388cdf60a473b325f4dde03916

SHA256
d9f90a673fcd8c419c0bafd2152ae67de48827a75cbc781a10bbb8630eeb4b6a

SHA512
5e3e7e2cc74ecad43530c8ea3e33236a6727a8272be017e5030e95f20ccd7c5183848fe52163253d7bb0366eaa8474801dc40649174471416a377f705e1251d7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24482\ucrtbase.dll

Filesize
334KB

MD5
c4218b99afc7cbb18f81242c15a7509e

SHA1
1d1603aa28e2dbc944f7192d752b1012767e0c7f

SHA256
39838841895fc6016106ece55d008834d176a405668710bc04c780fc4b176d46

SHA512
9bca5584173ede3116def34d098e60f504b0a17db8d4fa496601963a0f3b83e2adf7fa74e02206c1853f6101e7e851fd5fcbce64b268a58f1b145c9930908f0e

Download Submit
memory/2984-165-0x000007FEF60F0000-0x000007FEF655E000-memory.dmp

Filesize
4.4MB

Download