Analysis

  • max time kernel
    42s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
  • submitted
    25/08/2024, 09:34

General

  • Target

    Nitro Gen V1.0 By JF.rar

  • Size

    896KB

  • MD5

    13a99a4d50680729e184b063de8e9190

  • SHA1

    2557e7feac1fc0e5a33a75e19308f0db76a5dffc

  • SHA256

    a168edbf63b98d8e0dbdb524308f89ff2fd3b7226e5b9a400763d1fa357f1483

  • SHA512

    7ad8d51b756942db12d25cbd425eaaf4560239d52278d56130bdd7b19c3c7d7217f38bfd9a72d0c6be8e1c14e64bad2b9945590ff8b10b085f53133d3bfdc57c

  • SSDEEP

    24576:IDGcSY0uvqSsmJ/w/p7maGUmD2dEcg4cnzMFIEhzw:ICRnvNtlbXdMvWhc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:600
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2156
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1932
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:600
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4f4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1600

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

      Filesize

      104B

      MD5

      80a0493bbaa9054ee732e07005897286

      SHA1

      3e49fcfa7370a84d06257c9e2329fd0408fac2e1

      SHA256

      656e39f20a3453515943a6afdcd415887e85495da4d413644e19e3cd4a78c5af

      SHA512

      101fc8960a3b1be86e4bd84f4a729fcbfd3ee676621600a13b6ee6a54baa76543c3217c3a67ac91a24c0649629a2a600ea2cbede1b2135a3e8ce2b7bef0fd9b0

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

      Filesize

      18B

      MD5

      ad92643fe62db9b8f07143e510b28bd8

      SHA1

      817f911d58b6c8d5e35d25e2d0a29cfb9fa71c9f

      SHA256

      777ffea0be2437d81a45c3de530a351db7b4ed81e49d9b976a6bb547620fc2d3

      SHA512

      ba0e055d51efc70e42a7d3f9e2e1bfc312c189b9029f6f972007fc67369d22d0d4c54db8059f52eaba43565c4d9125553b4529e38e1f0ff541648f7f053fdfe7

    • memory/1932-62-0x000007FEF3CD0000-0x000007FEF3CF8000-memory.dmp

      Filesize

      160KB

    • memory/1932-43-0x000007FEF5300000-0x000007FEF5311000-memory.dmp

      Filesize

      68KB

    • memory/1932-45-0x000007FEF52C0000-0x000007FEF52D1000-memory.dmp

      Filesize

      68KB

    • memory/1932-44-0x000007FEF52E0000-0x000007FEF52FD000-memory.dmp

      Filesize

      116KB

    • memory/1932-42-0x000007FEF5630000-0x000007FEF5647000-memory.dmp

      Filesize

      92KB

    • memory/1932-41-0x000007FEF5FC0000-0x000007FEF5FD1000-memory.dmp

      Filesize

      68KB

    • memory/1932-38-0x000007FEF5320000-0x000007FEF55D6000-memory.dmp

      Filesize

      2.7MB

    • memory/1932-39-0x000007FEF6000000-0x000007FEF6018000-memory.dmp

      Filesize

      96KB

    • memory/1932-46-0x000007FEF50B0000-0x000007FEF52BB000-memory.dmp

      Filesize

      2.0MB

    • memory/1932-57-0x000007FEF3E70000-0x000007FEF3EA0000-memory.dmp

      Filesize

      192KB

    • memory/1932-47-0x000007FEF4000000-0x000007FEF50B0000-memory.dmp

      Filesize

      16.7MB

    • memory/1932-67-0x000007FEF3C10000-0x000007FEF3C22000-memory.dmp

      Filesize

      72KB

    • memory/1932-66-0x000007FEF3C30000-0x000007FEF3C41000-memory.dmp

      Filesize

      68KB

    • memory/1932-65-0x000007FEF3C50000-0x000007FEF3C73000-memory.dmp

      Filesize

      140KB

    • memory/1932-64-0x000007FEF3C80000-0x000007FEF3C98000-memory.dmp

      Filesize

      96KB

    • memory/1932-63-0x000007FEF3CA0000-0x000007FEF3CC4000-memory.dmp

      Filesize

      144KB

    • memory/1932-61-0x000007FEF3D00000-0x000007FEF3D57000-memory.dmp

      Filesize

      348KB

    • memory/1932-37-0x000007FEF6400000-0x000007FEF6434000-memory.dmp

      Filesize

      208KB

    • memory/1932-49-0x000007FEF3F80000-0x000007FEF3FA1000-memory.dmp

      Filesize

      132KB

    • memory/1932-59-0x000007FEF3D80000-0x000007FEF3DFC000-memory.dmp

      Filesize

      496KB

    • memory/1932-58-0x000007FEF3E00000-0x000007FEF3E67000-memory.dmp

      Filesize

      412KB

    • memory/1932-56-0x000007FEF3EA0000-0x000007FEF3EB8000-memory.dmp

      Filesize

      96KB

    • memory/1932-55-0x000007FEF3EC0000-0x000007FEF3ED1000-memory.dmp

      Filesize

      68KB

    • memory/1932-54-0x000007FEF3EE0000-0x000007FEF3EFB000-memory.dmp

      Filesize

      108KB

    • memory/1932-53-0x000007FEF3F00000-0x000007FEF3F11000-memory.dmp

      Filesize

      68KB

    • memory/1932-52-0x000007FEF3F20000-0x000007FEF3F31000-memory.dmp

      Filesize

      68KB

    • memory/1932-51-0x000007FEF3F40000-0x000007FEF3F51000-memory.dmp

      Filesize

      68KB

    • memory/1932-50-0x000007FEF3F60000-0x000007FEF3F78000-memory.dmp

      Filesize

      96KB

    • memory/1932-60-0x000007FEF3D60000-0x000007FEF3D71000-memory.dmp

      Filesize

      68KB

    • memory/1932-48-0x000007FEF3FB0000-0x000007FEF3FF1000-memory.dmp

      Filesize

      260KB

    • memory/1932-40-0x000007FEF5FE0000-0x000007FEF5FF7000-memory.dmp

      Filesize

      92KB

    • memory/1932-36-0x000000013FF70000-0x0000000140068000-memory.dmp

      Filesize

      992KB

    • memory/1932-230-0x000007FEF6400000-0x000007FEF6434000-memory.dmp

      Filesize

      208KB

    • memory/1932-231-0x000007FEF5320000-0x000007FEF55D6000-memory.dmp

      Filesize

      2.7MB

    • memory/1932-229-0x000000013FF70000-0x0000000140068000-memory.dmp

      Filesize

      992KB

    • memory/1932-232-0x000007FEF4000000-0x000007FEF50B0000-memory.dmp

      Filesize

      16.7MB