366373109445178df10e219c3d58ea40b435c3cc20f80be7398d199aee01f62b | Triage

Submit
Reports

Overview

overview

Static

static

3

NightMare.exe

windows7-x64

NightMare.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NightMare.exe
Size

42KB
Sample

240715-rrdsgaxfmf
MD5

4c5dfe827dd3465bb97016996936fe38
SHA1

010b868fe1a9e637912226a1eda1b73d901347dd
SHA256

366373109445178df10e219c3d58ea40b435c3cc20f80be7398d199aee01f62b
SHA512

e0692e425b7c702d297c88f0495c3bdae53eb566c3128f334d0e87e90a7047c433633f918ab6163a025a488111bcb2f199df0852b338fdc00e524897a2a7d82e
SSDEEP

768:73oACIqXSoiSnWsHorfhH7HjVq9HTtYcFA/Vc6K:7TCxNn/orfhbDVqRD8Vcl

Score

10^/10

discovery evasion exploit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NightMare.exe

Resource

win7-20240708-en

discovery evasion exploit persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

NightMare.exe

Resource

win10v2004-20240709-en

discovery evasion exploit persistence trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  NightMare.exe
- Size
  
  42KB
- MD5
  
  4c5dfe827dd3465bb97016996936fe38
- SHA1
  
  010b868fe1a9e637912226a1eda1b73d901347dd
- SHA256
  
  366373109445178df10e219c3d58ea40b435c3cc20f80be7398d199aee01f62b
- SHA512
  
  e0692e425b7c702d297c88f0495c3bdae53eb566c3128f334d0e87e90a7047c433633f918ab6163a025a488111bcb2f199df0852b338fdc00e524897a2a7d82e
- SSDEEP
  
  768:73oACIqXSoiSnWsHorfhH7HjVq9HTtYcFA/Vc6K:7TCxNn/orfhbDVqRD8Vcl
Score

10^/10

discovery evasion exploit persistence trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan

© 2018-2025

Terms | Privacy