e11811051baa4b8010aa790f6f1e86e7275647a70901a31e30b20140a635bb9e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnajNitroV1.exe
Size

6.4MB
MD5

ee518bb6425bdb8ab369d78ced89bd9d
SHA1

ba54b1c5882311c342474434589d0be7460b3e26
SHA256

e11811051baa4b8010aa790f6f1e86e7275647a70901a31e30b20140a635bb9e
SHA512

af9903309f8785aedd31750115d0075ccde4e25ee79ccf24fb56c9511b664a60d78e3a2f911d263aec18890391128d38d45d3955029a0e7db08542bd5981a09a
SSDEEP

98304:k1SPf3FHkDx6hzb71QGQCPDbZfzuOqV6l7ayCb7BJ5mjwNwwMeZYobSr+h+I0x1:k1cflkMFdQmRrdA6l7aycBIGpEoNT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

pid	Process
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe
1064	OnajNitroV1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 1064	3108	OnajNitroV1.exe	90
PID 3108 wrote to memory of 1064	3108	OnajNitroV1.exe	90
PID 1064 wrote to memory of 4560	1064	OnajNitroV1.exe	91
PID 1064 wrote to memory of 4560	1064	OnajNitroV1.exe	91

C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe
"C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe
  "C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title OnajNitro / github.com/onajlikezz / discord.gg/pBFaCQQVBV
    3⤵
    PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI31082\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_bz2.pyd

Filesize
81KB

MD5
bbe89cf70b64f38c67b7bf23c0ea8a48

SHA1
44577016e9c7b463a79b966b67c3ecc868957470

SHA256
775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723

SHA512
3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_decimal.pyd

Filesize
242KB

MD5
6339fa92584252c3b24e4cce9d73ef50

SHA1
dccda9b641125b16e56c5b1530f3d04e302325cd

SHA256
4ae6f6fb3992bb878416211221b3d62515e994d78f72eab51e0126ca26d0ee96

SHA512
428b62591d4eba3a4e12f7088c990c48e30b6423019bebf8ede3636f6708e1f4151f46d442516d2f96453694ebeef78618c0c8a72e234f679c6e4d52bebc1b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_hashlib.pyd

Filesize
60KB

MD5
d856a545a960bf2dca1e2d9be32e5369

SHA1
67a15ecf763cdc2c2aa458a521db8a48d816d91e

SHA256
cd33f823e608d3bda759ad441f583a20fc0198119b5a62a8964f172559acb7d3

SHA512
34a074025c8b28f54c01a7fd44700fdedb391f55be39d578a003edb90732dec793c2b0d16da3da5cdbd8adbaa7b3b83fc8887872e284800e7a8389345a30a6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_lzma.pyd

Filesize
153KB

MD5
0a94c9f3d7728cf96326db3ab3646d40

SHA1
8081df1dca4a8520604e134672c4be79eb202d14

SHA256
0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31

SHA512
6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_queue.pyd

Filesize
29KB

MD5
52d0a6009d3de40f4fa6ec61db98c45c

SHA1
5083a2aff5bcce07c80409646347c63d2a87bd25

SHA256
007bcf19d9b036a7e73f5ef31f39bfb1910f72c9c10e4a1b0658352cfe7a8b75

SHA512
cd552a38efaa8720a342b60318f62320ce20c03871d2e50d3fa3a9a730b84dacdbb8eb4d0ab7a1c8a97215b537826c8dc532c9a55213bcd0c1d13d7d8a9ad824

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_socket.pyd

Filesize
75KB

MD5
0f5e64e33f4d328ef11357635707d154

SHA1
8b6dcb4b9952b362f739a3f16ae96c44bea94a0e

SHA256
8af6d70d44bb9398733f88bcfb6d2085dd1a193cd00e52120b96a651f6e35ebe

SHA512
4be9febb583364da75b6fb3a43a8b50ee29ca8fc1dda35b96c0fcc493342372f69b4f27f2604888bca099c8d00f38a16f4c9463c16eff098227d812c29563643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\_ssl.pyd

Filesize
155KB

MD5
9ddb64354ef0b91c6999a4b244a0a011

SHA1
86a9dc5ea931638699eb6d8d03355ad7992d2fee

SHA256
e33b7a4aa5cdd5462ee66830636fdd38048575a43d06eb7e2f688358525ddeab

SHA512
4c86478861fa4220680a94699e7d55fbdc90d2785caee10619cecb058f833292ee7c3d6ac2ed1ef34b38fbff628b79d672194a337701727a54bb6bbc5bf9aeca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\base_library.zip

Filesize
859KB

MD5
22fee1506d933abb3335ffb4a1e1d230

SHA1
18331cba91f33fb6b11c6fdefa031706ae6d43a0

SHA256
03f6a37fc2e166e99ce0ad8916dfb8a70945e089f9fc09b88e60a1649441ab6e

SHA512
3f764337a3fd4f8271cba9602aef0663d6b7c37a021389395a00d39bd305d2b927a150c2627b1c629fdbd41c044af0f7bc9897f84c348c2bccc085df911eee02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\select.pyd

Filesize
28KB

MD5
c119811a40667dca93dfe6faa418f47a

SHA1
113e792b7dcec4366fc273e80b1fc404c309074c

SHA256
8f27cd8c5071cb740a2191b3c599e99595b121f461988166f07d9f841e7116b7

SHA512
107257dbd8cf2607e4a1c7bef928a6f61ebdfc21be1c4bdc3a649567e067e9bb7ea40c0ac8844d2cedd08682447b963148b52f85adb1837f243df57af94c04b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31082\unicodedata.pyd

Filesize
1.1MB

MD5
4c8af8a30813e9380f5f54309325d6b8

SHA1
169a80d8923fb28f89bc26ebf89ffe37f8545c88

SHA256
4b6e3ba734c15ec789b5d7469a5097bd082bdfd8e55e636ded0d097cf6511e05

SHA512
ea127779901b10953a2bf9233e20a4fab2fba6f97d7baf40c1b314b7cd03549e0f4d2fb9bad0fbc23736e21eb391a418d79a51d64402245c1cd8899e4d765c5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads