9d4dea7ff1b8ebe464b003c97a4486e30a5998247cc9d2607b1ef5ebee676eb0 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

Ninite Chr...er.exe

windows7-x64

1

Ninite Chr...er.exe

windows10-2004-x64

6

Sharing

General

Target

Ninite Chrome Spotify WinRAR Zoom Installer.exe
Size

415KB
Sample

240530-wa5l3sge65
MD5

02a4e36c92fbe96c0146787891a21214
SHA1

a60fb2cb6c03e5d6eb97375c466025295defb2db
SHA256

9d4dea7ff1b8ebe464b003c97a4486e30a5998247cc9d2607b1ef5ebee676eb0
SHA512

2e376bbdf6de67b7da96952353864bb2ec0ac20468de2458c0b1dce732f469a3504ea3052f1b8a9ffdbb3424cbaa4838278fc496765f1f14a20cea8ffed91535
SSDEEP

6144:ehuGbXZA2zNMPMPwVtiN44zAi5NAOig3TBrCZMszqLi7ksvmacmWnZde:CuypA2hESwGRwg3TBPi7BvmZmwZQ

Score

6^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ninite Chrome Spotify WinRAR Zoom Installer.exe

Resource

win7-20240508-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ninite Chrome Spotify WinRAR Zoom Installer.exe

Resource

win10v2004-20240508-en

discovery evasion persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  Ninite Chrome Spotify WinRAR Zoom Installer.exe
- Size
  
  415KB
- MD5
  
  02a4e36c92fbe96c0146787891a21214
- SHA1
  
  a60fb2cb6c03e5d6eb97375c466025295defb2db
- SHA256
  
  9d4dea7ff1b8ebe464b003c97a4486e30a5998247cc9d2607b1ef5ebee676eb0
- SHA512
  
  2e376bbdf6de67b7da96952353864bb2ec0ac20468de2458c0b1dce732f469a3504ea3052f1b8a9ffdbb3424cbaa4838278fc496765f1f14a20cea8ffed91535
- SSDEEP
  
  6144:ehuGbXZA2zNMPMPwVtiN44zAi5NAOig3TBrCZMszqLi7ksvmacmWnZde:CuypA2hESwGRwg3TBPi7BvmZmwZQ
Score

6^/10

discovery evasion persistence trojan
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy