Analysis
-
max time kernel
0s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system -
submitted
19-06-2024 14:02
Behavioral task
behavioral1
Sample
Nitro.rar
Resource
win11-20240611-en
Behavioral task
behavioral2
Sample
Nitro/Nitro Gen.exe
Resource
win11-20240611-en
Behavioral task
behavioral3
Sample
main.pyc
Resource
win11-20240508-en
Behavioral task
behavioral4
Sample
Nitro/config/config.json
Resource
win11-20240611-en
Behavioral task
behavioral5
Sample
Nitro/config/proxies.txt
Resource
win11-20240611-en
Behavioral task
behavioral6
Sample
Nitro/results/hit.txt
Resource
win11-20240508-en
General
-
Target
main.pyc
-
Size
63KB
-
MD5
665970d2a9dd9646b6708c4557a250d8
-
SHA1
639d6c945d962f3bf20314c9d3aad68a317d0075
-
SHA256
a6cf7bcee5c167df01c4c82135d64c28aa94abfbd78632640b737fdb312699df
-
SHA512
e838684ff50f801a3117096b708d71c85ffd2832e13a83a6f267d97aabf13ba649b13b490f9d390e6936f1ff31053a64d37a0e0fb21128f67c50591e89ed1108
-
SSDEEP
768:qPI+YVnrzeICyMv8PNwBodgllYxfTvuuGGrp25Yg/DtnNN2sC0zgKVhpmLf:q2rzejmNXGllOfTGuo5Yg/DF2l0b0z
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
OpenWith.exe, cmd.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | cmd.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exe
pid | process
464 | OpenWith.exe