ce621881554acfdf1f153cb5103d58deeb9fe6e826e63633ec42840d74304261

Resubmissions

27-03-2024 18:28

240327-w4cs6ahg53 7

27-03-2024 14:49

240327-r64mfahf4x 8

Analysis

max time kernel
92s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroGen.exe
Size

5.9MB
MD5

c7f3a377d431b4e13a3972e70d152db4
SHA1

5eacd2ae9a09b5f7c306c64a67aa3867b443a36c
SHA256

ce621881554acfdf1f153cb5103d58deeb9fe6e826e63633ec42840d74304261
SHA512

39efdf9e058c5bb1973475d67b3aa3470c3ffc21daa2dbf2ee4128be6e8faa0d32b23cfc2dbd58df7651552c10a20465de89bd8f960e954e2c007a9fcebd8127
SSDEEP

98304:YSMCaq76OVQWJuhswoYv5eONVMSVlnsfGm2ceemmZqAZ8a+t1TwuZZ46hFiw43Q0:YS17/uWJysVYvsO4knseOeehZqAqa+3J

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe
3960	NitroGen.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	3960	NitroGen.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 3960	3244	NitroGen.exe	87
PID 3244 wrote to memory of 3960	3244	NitroGen.exe	87
PID 3960 wrote to memory of 3424	3960	NitroGen.exe	88
PID 3960 wrote to memory of 3424	3960	NitroGen.exe	88

C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
"C:\Users\Admin\AppData\Local\Temp\NitroGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI32442\NitroGen.exe.manifest

Filesize
1KB

MD5
aef90488545cacf82224f2395bf9606e

SHA1
cdd0ffe342666ed44c0c233ee1999cf913907c13

SHA256
7ddadf1318395cf2b343c8ab497014620d8f82b1b5b0e735867c9858e8cd62b1

SHA512
0aaf90d51501c1889c5ed6721c3b97f7f361ff3c325207f3b34ca76f2e746f5e1a2804dc7f954568299ae06e5708ae6f17834678450c87692afaaeb422159144

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_bz2.pyd

Filesize
92KB

MD5
cde853b48405adc6bb2009553951cf4b

SHA1
1cd5ecb2a7c4ded3663b497bfe9b190e7304135e

SHA256
9f3b2a39dd67f9c328dd0e021cae0fb9e60e78f451fc4071a529fde00db0c243

SHA512
7448f6f63a83018c64b69a5f0535aac4287ca838fb122101d02449c34120db3047b967202068fdec60939c28317cfeb5cd7ac8a7732eea84e9358689ee777cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_hashlib.pyd

Filesize
38KB

MD5
d2cd47354de38cc1edf86040e9661e6c

SHA1
d228f223f2a26faf39fa9dae0d311bfd95ef17be

SHA256
85c2fb612e92eb687dfa6ec0a65bbddccb7b49de507b093744587af07c575116

SHA512
f221c5afd0cd71754f97b5554275bd059233e12c2e96513639dea353c2644ec2b3da3ff9773878c793e9fa10239581fddde41f543a080ad5fc0afda7ba130061

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_lzma.pyd

Filesize
248KB

MD5
a550f17aed5a5e6660fbfa406590af43

SHA1
e23db31a9eadc90e9c5a1c8a3e55cc7aa677ff35

SHA256
2d3acac7982b190333b16bfc4a1f5ccfc24f50b16994001aee6e32a22df8292a

SHA512
40264569e3d73347e2a6148a6f9cc82896711ad5874d2b0bcdc3d33f59d96b22ca477fb083f44b7c753cfb11f8c511c9f475aa7d89a25e6f153bc2be7e7a7a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_queue.pyd

Filesize
27KB

MD5
d8c551b3236fcbf8eddcec60d120cb37

SHA1
6daa6c0a870644710fc0ae43b24f91b31a1bc163

SHA256
bc63eb39366f7de378e2dfebc8ba8a1f574cfa6c90c642b282f60c2d79c0e320

SHA512
1a9245f44dc9c2f3d6e86e1c5650af10810d8ef9732c3304879dd1aac9ddf8bd132af1d4f870b713f3a9df618ef0ab12981d02a7012717ee2e9473f6dd64e051

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_socket.pyd

Filesize
75KB

MD5
d01862e4afe155cd62e69935e739ee51

SHA1
ffa93f260bc82fd33fb3be0d958bf6262537a773

SHA256
9506ef21605d443f1927089eacf0cd6c138bd88dcaef99cbe58960346113b67a

SHA512
3d22dae047d285126c7d527bcafb34c022c6f4d916b7200be7b2154265a7acbd73ab862f6263f531d1f9cb9ff90dcad432fd9bbad59fb847383be21e57c354a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\_ssl.pyd

Filesize
118KB

MD5
b07ab1b3fdb06fa7923fd48c8d0ebe3e

SHA1
217ded2b45349d949848dd6f62b0df3ab8d8d3e4

SHA256
aefcacf74e2c2b35d7aa2f15a00b32a00edb107fc3ec230cdad4fb7db23daea6

SHA512
db815aa1341cae2ddba8087cc36abfc2d06fee5f8863f9a3fb23117a24394c21116fd6f46bf9a3f8925526037eb5ea29fb82bad88423fbe60a81e610f30e9964

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\base_library.zip

Filesize
768KB

MD5
50d24a99e560b095e4754a04560bc0ea

SHA1
346749c5788d150fdb7b17eeac0df1f8760af815

SHA256
cf72d3448cca4a3ac143ee5497a56e512384da7c8c9da3fd5cdadbeb06795890

SHA512
9d2bf41cde0d00f9195e1f1d832cb79930c94918c9fa0674d285b8e7774e4e50a2357d545b5653739f7aae83c337688ed2d97caff1fc4fba9695350e6df43cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\certifi\cacert.pem

Filesize
275KB

MD5
c760591283d5a4a987ad646b35de3717

SHA1
5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134

SHA256
1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e

SHA512
c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\libssl-1_1.dll

Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\python37.dll

Filesize
3.6MB

MD5
f8f12175880677bd010def8ba14208da

SHA1
889e23b96d78135dc3294c84ab900b91fa9f7a0c

SHA256
08686f0e6e3c54d455d4a4801d5deccadedbafd1e010b3d18ade81180853db27

SHA512
7792f4a2005c2721b3fa848e2703bfb380670d6bd108599c5a98299f09197b44fb44adbb59da9c55bf064bb3c083a07fd82acdf29b7a09da07981c964eb11304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\select.pyd

Filesize
26KB

MD5
b394f7551ffd3f97386e48a71f99a702

SHA1
3edf2989b7985903a4987034fea468c38c3198c9

SHA256
f219279eea9b8ec9e017fd59200c0aa49fa99e83eea18316fc1b3c8381e49f3f

SHA512
890fe0b477ebc1d9d25a94ff3db1bf7b0c4eb6d34114e7416f88d7ed085a0bc65ff34e3c7c75db773d54a17fed0bf09825be68bfeae16ebae179c35440941641

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32442\unicodedata.pyd

Filesize
1.0MB

MD5
88ee2c01ae13210de752ec48daed4b45

SHA1
5b8792a27f22e8b81249689a7b1ebb136705a618

SHA256
dc1dc90497aa73ff135acdcca8ac863aae5d774c45ece5a4d053d5c24624d0e5

SHA512
4fd96ba6adbbfd9fa659a07ed5d44d548d940b7069a375cea7732dd40f9e7dc183eaf2c3363ac3be1a34ebfc26def4ebf001ff4c802fcd6d594ececddc8b6131

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads