nitro | 5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58

Resubmissions

11-05-2024 06:45

240511-hjc2jabd7z 10

11-05-2024 06:40

240511-hfp7padg83 10

Analysis

max time kernel
125s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 06:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Free Nitro.exe
Size

62KB
MD5

d01e6cc12d314d7d1d3714fa9be0ca80
SHA1

9cb53ff747461cf4f122d6356296341bbd2fe203
SHA256

5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58
SHA512

2fb687819b5cf9ad93b702b553b8d5760e8bb946abd436da72f44918f141ec9be1c6bb02252400da9d9846f70db61f993af783c7a996d6523be582a16d8a767e
SSDEEP

768:OKsMqCXfVcWrPM9ZkiANIUkwYLDwUzc80gmq3oP/oDF:OKsejM9ZkiAP2r/0O8/op

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Signatures

Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
ransomware nitro
Renames multiple (110) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Free Nitro.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\NR = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Free Nitro.exe\""	Free Nitro.exe

Drops desktop.ini file(s) 3 IoCs

Processes:

Free Nitro.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Free Nitro.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Free Nitro.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Free Nitro.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service
T1102

Processes:

flow ioc

8 discord.com
9 discord.com
10 discord.com
11 discord.com
12 discord.com
6 discord.com
7 discord.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 api.ipify.org
5 api.ipify.org

flow	ioc
8	discord.com
9	discord.com
10	discord.com
11	discord.com
12	discord.com
6	discord.com
7	discord.com

flow	ioc
4	api.ipify.org
5	api.ipify.org

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

Free Nitro.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	Free Nitro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\wallpaper.png"	Free Nitro.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

rundll32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Free Nitro.exe

pid process

2160 Free Nitro.exe
2160 Free Nitro.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

2112 rundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings	rundll32.exe

pid	process
2160	Free Nitro.exe
2160	Free Nitro.exe

pid	process
2112	rundll32.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

Processes:

Free Nitro.exeWMIC.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2160	Free Nitro.exe
Token: SeIncreaseQuotaPrivilege	2544	WMIC.exe
Token: SeSecurityPrivilege	2544	WMIC.exe
Token: SeTakeOwnershipPrivilege	2544	WMIC.exe
Token: SeLoadDriverPrivilege	2544	WMIC.exe
Token: SeSystemProfilePrivilege	2544	WMIC.exe
Token: SeSystemtimePrivilege	2544	WMIC.exe
Token: SeProfSingleProcessPrivilege	2544	WMIC.exe
Token: SeIncBasePriorityPrivilege	2544	WMIC.exe
Token: SeCreatePagefilePrivilege	2544	WMIC.exe
Token: SeBackupPrivilege	2544	WMIC.exe
Token: SeRestorePrivilege	2544	WMIC.exe
Token: SeShutdownPrivilege	2544	WMIC.exe
Token: SeDebugPrivilege	2544	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2544	WMIC.exe
Token: SeRemoteShutdownPrivilege	2544	WMIC.exe
Token: SeUndockPrivilege	2544	WMIC.exe
Token: SeManageVolumePrivilege	2544	WMIC.exe
Token: 33	2544	WMIC.exe
Token: 34	2544	WMIC.exe
Token: 35	2544	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2544	WMIC.exe
Token: SeSecurityPrivilege	2544	WMIC.exe
Token: SeTakeOwnershipPrivilege	2544	WMIC.exe
Token: SeLoadDriverPrivilege	2544	WMIC.exe
Token: SeSystemProfilePrivilege	2544	WMIC.exe
Token: SeSystemtimePrivilege	2544	WMIC.exe
Token: SeProfSingleProcessPrivilege	2544	WMIC.exe
Token: SeIncBasePriorityPrivilege	2544	WMIC.exe
Token: SeCreatePagefilePrivilege	2544	WMIC.exe
Token: SeBackupPrivilege	2544	WMIC.exe
Token: SeRestorePrivilege	2544	WMIC.exe
Token: SeShutdownPrivilege	2544	WMIC.exe
Token: SeDebugPrivilege	2544	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2544	WMIC.exe
Token: SeRemoteShutdownPrivilege	2544	WMIC.exe
Token: SeUndockPrivilege	2544	WMIC.exe
Token: SeManageVolumePrivilege	2544	WMIC.exe
Token: 33	2544	WMIC.exe
Token: 34	2544	WMIC.exe
Token: 35	2544	WMIC.exe
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

Free Nitro.execmd.exe

description	pid	process	target process
PID 2160 wrote to memory of 2944	2160	Free Nitro.exe	cmd.exe
PID 2160 wrote to memory of 2944	2160	Free Nitro.exe	cmd.exe
PID 2160 wrote to memory of 2944	2160	Free Nitro.exe	cmd.exe
PID 2160 wrote to memory of 2944	2160	Free Nitro.exe	cmd.exe
PID 2944 wrote to memory of 2544	2944	cmd.exe	WMIC.exe
PID 2944 wrote to memory of 2544	2944	cmd.exe	WMIC.exe
PID 2944 wrote to memory of 2544	2944	cmd.exe	WMIC.exe
PID 2944 wrote to memory of 2544	2944	cmd.exe	WMIC.exe

C:\Users\Admin\AppData\Local\Temp\Free Nitro.exe
"C:\Users\Admin\AppData\Local\Temp\Free Nitro.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2544

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\CompareRemove.bmp.givemenitro
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2112

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1284

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ApproveUnregister.xml.givemenitro

Filesize
179KB

MD5
38f58b0f78354ab35fc67fe9ade22ef4

SHA1
3f657d638fc3df2455fefb09ddca9177464d6627

SHA256
a34f97346a6abf2bdb7411dc3767341544c09fcf95a1f219b1717793c3c59808

SHA512
16be1d4d97a428fad929e705d151d094f705bade1c99714e2fee593a8de1fb99b7e0b746ce08985c24bfaae071e1c7c7f15bd79ef9be596a283bb26a529b8090

Download Submit
C:\Users\Admin\Desktop\ConvertFromDisable.ocx.givemenitro

Filesize
94KB

MD5
27e2b7dee007a30b8be4dd28b26df7ee

SHA1
ceb4b0ff3e167611caa6acea2dcaf455f2bb81cc

SHA256
33e55560378145dad8c9de41e96b864bd34b97465d5e43e9fc3114aecca90490

SHA512
1127db2e06c350254cc2754ae118e1a5f65ee5785c8c78a2e64945ef3e045e22f9ce2b71a9b95cbdb0e8b25de13106c9fa5fe6619a577a262afc76c1002de7dc

Download Submit
C:\Users\Admin\Desktop\EnableUnblock.ico.givemenitro

Filesize
149KB

MD5
d97bc12e00ad1b12703a91727da962fa

SHA1
27dc41c3b3bd0b651ae0b75678fa00f37d5c2478

SHA256
8e9476e9ffa80248e8aa6e75c40385ae7b1744cac3120defd8d1c0482f8f41d1

SHA512
fb3ec2dec26a4abff0f45c9c0723861eba850ba5f102554c22b4da438cfc622a0902b2725219b9289071aa9b65ad308baa3fdabddf98bfcc05a0ff764bb8c9db

Download Submit
C:\Users\Admin\Desktop\ExitInvoke.wdp.givemenitro

Filesize
197KB

MD5
bb09065f70ca25486f54e5736e421d02

SHA1
f443cf0dba4e10dddf7796bc081aa5c442de63b1

SHA256
44d629fe761acdd2d621bbb252c95e6b31a37beb461b1891635e2ce21fdaf6ad

SHA512
bf4407cb0a2b88319819a932c18362c78201ec81b38ff5b03ced29d36322d4bee0386ca6f85703920233243861829bc86b235082e818616beafdcbf673e03a1c

Download Submit
C:\Users\Admin\Desktop\HideApprove.css.givemenitro

Filesize
106KB

MD5
2e36163a5c84e631331e173d741fa009

SHA1
5a1d3caebec4c0a9bde642fd1bbcf1894035ee79

SHA256
f7072e0b0e885c6f518670e687eb5218ea97803effe7e49d43bc01bfb15e01b1

SHA512
b3a92b88a07ea8bf23648ce06bc4c2b66cfe7039f7d78c9c6c61ae9bbfc22bdd640227d9e6b2a2f63d9050529464f58416e6f601ea92a8421e4009d38fa2ad51

Download Submit
C:\Users\Admin\Desktop\JoinAssert.ex_.givemenitro

Filesize
252KB

MD5
40ba7b976a2a17bfc4455585ae1fc0fd

SHA1
fbc2d127d77f5ccbfe8df40b9c6027e9be75767b

SHA256
bf399089bdeb4015e61669019f45ffd281e57848cf68e2c5a25ac25fc83930b6

SHA512
07ee2395b5bd67096945b0ac5ddfe18705daa85b20cde3491b3fbf2b50bcf9ce9fc8f3b4d1f416dc1a152d5d418052015d019ab9cc49170caf597283bb16f9a5

Download Submit
C:\Users\Admin\Desktop\JoinUnblock.tmp.givemenitro

Filesize
167KB

MD5
dbedf7d399dcae6e98800c9dfe1a1133

SHA1
2d45cbe40825efb18b15be42cdfee9b434c77145

SHA256
a3317f500ce5c1d985b5bc4eebb4b56f907e77acf4a340ef234e763971e28bd6

SHA512
c70ad42d60e7b700a36e73bf5758ed37b4ce0e5437fe5112ae2cb2c85f2e029a523b93935498d84c5d67fbdcd553e2a81de3eff0b1da0567694f9888996f6708

Download Submit
C:\Users\Admin\Desktop\MeasureEdit.i64.givemenitro

Filesize
222KB

MD5
aa6b5d8183ad1e1e98eb587b67b5c4ca

SHA1
7614a2e3fad3c7b339223157585327839b1099ff

SHA256
c529ca5e7153bcc837ae8e4e846268e21b893e30825da4f19f7fdab93b7a59b6

SHA512
acd3b13dd676b9239196e51ea89ef98a1b95e861b3099cacb33f5c82e53df0638827d455aa540d2567772e61bfab0e740fd725868504d285f9e9fe620c5b75c1

Download Submit
C:\Users\Admin\Desktop\PopPublish.wma.givemenitro

Filesize
130KB

MD5
53d817897166dcd44eb7a62f11456494

SHA1
48acf79339d0d4589db862f578359e2342302344

SHA256
602ac5ce9c9cba5351a600dd7386ceaa2589448691ea0332856945b9d337f402

SHA512
833794ffd3f888d104d0a103dfe7bca7f50189cdb6d4265d4e4d6f79bcada2fda3ab55e7427d254003bbc8106278f0d913f563f8a682823c6478278e20d9bfff

Download Submit
C:\Users\Admin\Desktop\ProtectSubmit.ico.givemenitro

Filesize
143KB

MD5
bdbe9f384d966f85baeba552cbd9b0f3

SHA1
4b84f020fa503ed5e7b220f0922d9ae3551253d8

SHA256
0e1490419c159fe2e0df5a4b11ee6772a616806472788276a27faee4fe8f3cf9

SHA512
6df0eb2587f0439c76232366e57ee8d156a45bbc5384bc1b4c74ece4eeb23ee10e7ac51dc2acabde31736c9b46daaaa079092068f109dfb51dee7acaea2270dc

Download Submit
C:\Users\Admin\Desktop\ReadMount.ppsx.givemenitro

Filesize
240KB

MD5
aa8c29847ab5038524a08ed2ab34f4ec

SHA1
77a446248b6c4f7aed44734c2e8a29953881662a

SHA256
e23f76b72508b5538fbe70e9c9b9a68ae5e34457d287c19ba670235e0443e6b0

SHA512
ea0beb8b9f9e4aa90b0b5479286b9726684ef8e1af7039e4a21b5bbbdf1e0329e90b8d6c46e3597149242a30ab7dac5df7df60ab3c2828599bbdce6d1961c4f8

Download Submit
C:\Users\Admin\Desktop\ReceiveUnprotect.zip.givemenitro

Filesize
228KB

MD5
369fecf86ed1c701edc5ff3bfceb668a

SHA1
4c88d5149d9ea221410b73e4b8b34c0670bf4d4e

SHA256
a7870688e4267ee3c9d5e17435d38994f8f9fa4a543881350c49aec5bdeace23

SHA512
87b9eb50e26776e31a74b67a5d0533dd092460a567ba517b3263bfa43a86f8e54738597ac1a03e72e2763f87bb5374f08505d4da78bfe23112a6f2c12831f35e

Download Submit
C:\Users\Admin\Desktop\RedoUpdate.mp4.givemenitro

Filesize
173KB

MD5
4514f00fc5cd329e512251b7386fa46c

SHA1
bb2b5bca22104700f46166e34b420420fe272584

SHA256
addc4a2ee70e83f29226344ca4217195f677401ad6406ca2efb40e571e45d818

SHA512
5390c5743fed7f12be5c881a1d5a8c0d285e75393001ff6a44c7516a30de7ba2e62379d0cf6be325ecd66f4dc9324c879bf185bfac327a5b6142fa61d205fc89

Download Submit
C:\Users\Admin\Desktop\RestartSync.wvx.givemenitro

Filesize
112KB

MD5
af0a0316b45264d184af3d842e22a791

SHA1
6ce2f371ed9786ff83d02af41e2d7d192d6b7a15

SHA256
6bcc9495d4b38d7331089573dc5d45562cc5869a620e0afe012d501fcd292493

SHA512
0433ec03ffad80ae585ce1db9bb2f3d29ddbd0d5a9686f5ee00ba5c885ba219fe0104ad25cfeed413ec97399389e4ea21672b53066b8c6f9c5b06bb100fd19e6

Download Submit
C:\Users\Admin\Desktop\SendHide.vsw.givemenitro

Filesize
234KB

MD5
8a6055ddb321d1677a1fafcf4aa99539

SHA1
81cdd7743d71754f0454acbeed50ec66817329c3

SHA256
72424e3b91af864017a0933e7e2f2ac10b31c96fd7cf411cd9062973d3dfed4b

SHA512
cc9c0cfe62a19ce8366ed54a1a2eaf184c3c3fe6406c92527cf154a97ee72ea84cc49f43d21e9cb92d6ddb8ddb2bc06a9f6b7f8d5400fff9125e5590c585b680

Download Submit
C:\Users\Admin\Desktop\SendReceive.ods.givemenitro

Filesize
124KB

MD5
8c308a39b4e3a8c23d9a4f54ea6d9d94

SHA1
3d21331ae5afdd5a2da91aec7c79e1d6760d9e92

SHA256
9620a759895ad49b475bec00500a3763e4955fb5c0b33e134252d746ec64e7af

SHA512
02b6f9b0e32bae0a3df4b538410cecd40089b750f66ef810edc2ee442eff611cd374eaabfab88e349925fc7d54aea787fa85364a6be8801ef9150eaf58ab4e49

Download Submit
C:\Users\Admin\Desktop\SplitConfirm.xlsx.givemenitro

Filesize
246KB

MD5
fb8709a31b9eac18b837223e9d95a7bd

SHA1
82e92a6211e3645652ea014a424771cd89129c9b

SHA256
dedc3262c749fc96efe2a6b164325c616665781ea87825cec8242292cb5dfadd

SHA512
dcf464eeae0e22b8d53f55bcc908119006bd230b52fdd5545f7393e5691db0c4d016aa2865f87ce943193db075138c8855cf09c4acef246668d593af8cc9bfd7

Download Submit
C:\Users\Admin\Desktop\StepDisable.xlsx.givemenitro

Filesize
137KB

MD5
7c8a05ab58774c533c8379bb5b1aa1ee

SHA1
e148ac8b50053e6a50045aab687e7de58ce65a7e

SHA256
313900a5a07bde242ebfd2b3605d9f4faa6b8cbcb3aca18bcdc6fd8280e22f74

SHA512
1d9961a984f83adc8e8af5c8be05100cd5faf56c0024541a6ded2340adcf33be003f6a6aa27230539ac9ada703c74cdbea85f4f1305d97112fc40634b512fe9b

Download Submit
C:\Users\Admin\Desktop\SwitchConvert.png.givemenitro

Filesize
118KB

MD5
6ac655aae3c9196dde0d6858ce04a638

SHA1
5c358d2d0dc7baad167e09990a4d6190efcb8dd4

SHA256
71106af09626cfd127729cde9e6b85337aa5701d3f3c07a63ae005532d4797be

SHA512
d2a86ec0c1f1a8947f1a53e697810b99687aca457689d08bce66051f058f387586720aaa0d06dec786a81e3a7ea4e26b1ffc89d1eb74b2057e12178b05ed401e

Download Submit
C:\Users\Admin\Desktop\SwitchWatch.cab.givemenitro

Filesize
88KB

MD5
1cd4240cbebf3945df9399ee1faea289

SHA1
7609a1a26bfdfd7f89923d38486d5c53039cb6a8

SHA256
7098f5b8e2f8dd8e9bea4997e8d428bc0c646229f7a9fd0aa4d3968760d738be

SHA512
cc735244f53b78f4a13eac83f7af49bcf98a094b992402639399a853206f1f5ddc4d23648fa948c7e7793a003d1138e37a95ef0e2c1eb0dfc8451bf3c0970c36

Download Submit
C:\Users\Admin\Desktop\TraceRestore.clr.givemenitro

Filesize
155KB

MD5
e3c4d22806d21825380089715244f0ca

SHA1
67da03f43307f24f4277fafeaa75e46636be8165

SHA256
5c5dcf92e908b8acff1f86f72efb8615f7b423732f12541f34afa557a583a709

SHA512
6cdc6c07b2a5f7f1a3224212a05a596d7087d6da10b80c547d5690d2b06450f0565eea80a48a6b831463fa3541df48af22c9984097bc0c088bdfe707a6357789

Download Submit
C:\Users\Admin\Desktop\UnblockClear.mp2.givemenitro

Filesize
203KB

MD5
0aca8d5a5135cf73ceebabeb475cd9d4

SHA1
8af612035d212c306587d1111de18f62d7c0f698

SHA256
29b6cde2909bde13cf8c58e40ec85df8ec012f044a60d14e77a00974288f1f97

SHA512
da200f720723c239ef74fa25cbb4c1a5cc3a40ad2b5db267fcc9d63deac9795726e111aeb0d3785ba87d2c8897a5265cfc2ab44b2eb6b222187427c394ae6831

Download Submit
C:\Users\Admin\Desktop\UninstallGet.dotx.givemenitro

Filesize
210KB

MD5
665d572044ba09e3b6a0e94411ca599e

SHA1
58e3b8ef0cfc5c5d99801f7ad65e672084ec1e47

SHA256
ac0695e3c31b2cc16294f5ef39997cc6792eb8169d2658e8b4fc1aa6bb67dc42

SHA512
fe8d1cc8e29f0bfbc393644353ee6e331b3b5c49d94a86d0f1d496785bde43196b524d3f31f7073933b2955d806ac0502f1c23e1b354049ee5aa7e4c673e40ae

Download Submit
C:\Users\Admin\Desktop\UnprotectImport.3gpp.givemenitro

Filesize
191KB

MD5
e7dcff0b8cc83f3a40723ca1b2eee278

SHA1
0dea25a209d200e4b2321cab1318ac6ed1495ba9

SHA256
7a878d94d7f9e72d9941eadd42360335e421a53b4f0c6bbecb076d198771ccb9

SHA512
bd80ec6ed10e9c9bf663c6a2e1c53cfdfefded9f09aab521bf50cf67c6769641e97304c6e3ac1e9ec6e29a57deeeb8963a655c209a8314ccd99a4443e8aaae04

Download Submit
C:\Users\Admin\Desktop\UnregisterFormat.php.givemenitro

Filesize
216KB

MD5
a81cc9e111e98ea19bf2e1c560d49bd4

SHA1
dab2764edb05f850be0e8ccda2e594cfaf609f38

SHA256
086bee988341ac5ed750ff79b8e7bd226c365b00eee77a24c0e0edaa6e75d616

SHA512
bfff3cac94a3426e6f76798d845f4144e2c05f0df0112da8af50a24952d81437e438016584f507f01da4e60642d56237bee7a5d56d1ce6fdf99c85c5f4283244

Download Submit
C:\Users\Admin\Desktop\WatchExpand.htm.givemenitro

Filesize
161KB

MD5
44bbc10a8c8b9ed7fb24027cdde1017b

SHA1
29042b6969c5a8747aac192a328752d10f66ef98

SHA256
58f3fca388be19eefff6ccf6db3b10c3dcff677918b0d3d578c5eee0d5d16cb4

SHA512
adb8a9e9b3d402d81cc41095ab257ae0be95cce74a4e721fb29807dadb102cb462ed77129d36c64350373d6b8748840db7320fdd2ca10999e9168959ab8c8505

Download Submit
C:\Users\Admin\Desktop\WatchStart.jpeg.givemenitro

Filesize
100KB

MD5
53f6cb3cc7067595cbf539da7234a814

SHA1
152b63fcf6e22becd9546c09ff89f37c37adac75

SHA256
1287e03ded194d06a6dcc35be99c8a077bab41fce6ee53faf25f92c249e47966

SHA512
da055f5641495eb35778859db77c136d8d4d08b4a1f3eeb5ad1a0df48c2f726be2366386ac62018abac5dfa8e303e2ec660086c5027ded5a7ff608c12e510817

Download Submit
C:\Users\Admin\Desktop\WriteClear.xltm.givemenitro

Filesize
185KB

MD5
d447c34cd501d8d84fc7231d829dc9c0

SHA1
0139bf488c3891fb1e932d3fdede89bf98b1b396

SHA256
411a86f6042330e069c71a389e100bc2f046661cc5333e2e90a8ccc3fdd4a56f

SHA512
88c8187cc592661963bcfadd4ee97b16f346e651a84555ab138d92a1add9667bebcbfe3cfa99a4f4a99c83eb3761d1b72c3c331437b0ec280baf1c4d4df558ab

Download Submit
C:\Users\Admin\Desktop\desktop.ini.givemenitro

Filesize
320B

MD5
b4aeb2c8d84e144265fda69484569b9a

SHA1
95069a343b80019bdc3075ee56666b0dc65e689b

SHA256
a4fe4abc1aed3f25c41600e2d9e76f515cf3d1021c0f54d1c82a2e0d8b2e036d

SHA512
432f8263f045ce54554255e7b34c64764750028217df0e4cc32da5d88adf774aea1514548c92283af3473051128d7396857e97aeda6537de53be033e00227d88

Download Submit
memory/2160-1-0x0000000001250000-0x0000000001266000-memory.dmp

Filesize
88KB

Download
memory/2160-2-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2160-59-0x0000000074DEE000-0x0000000074DEF000-memory.dmp

Filesize
4KB

Download
memory/2160-69-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2160-118-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2160-119-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2160-0-0x0000000074DEE000-0x0000000074DEF000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads