Analysis
-
max time kernel: 42s
max time network: 39s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 25/08/2024, 09:34
Static task: static1
Behavioral task: behavioral1
  Sample: Nitro Gen V1.0 By JF.rar
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: Nitro Gen V1.0 By JF.rar
  Resource: win10v2004-20240802-en
General
-
Target: Nitro Gen V1.0 By JF.rar
Size: 896KB
MD5: 13a99a4d50680729e184b063de8e9190
SHA1: 2557e7feac1fc0e5a33a75e19308f0db76a5dffc
SHA256: a168edbf63b98d8e0dbdb524308f89ff2fd3b7226e5b9a400763d1fa357f1483
SHA512: 7ad8d51b756942db12d25cbd425eaaf4560239d52278d56130bdd7b19c3c7d7217f38bfd9a72d0c6be8e1c14e64bad2b9945590ff8b10b085f53133d3bfdc57c
SSDEEP: 24576:IDGcSY0uvqSsmJ/w/p7maGUmD2dEcg4cnzMFIEhzw:ICRnvNtlbXdMvWhc
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
  description   ioc                                                                                  Process
  Key created   \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings   rundll32.exe
  Key created   \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings   rundll32.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
  pid    Process
  1932   vlc.exe
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  pid    Process
  2920   rundll32.exe
  1932   vlc.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
  description                         pid    Process
  Token: 33                           1600   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1600   AUDIODG.EXE
  Token: 33                           1600   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1600   AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 64 IoCs
  pid    Process
  1932   vlc.exe   (64 identical entries)
-
Suspicious use of SendNotifyMessage 64 IoCs
  pid    Process
  1932   vlc.exe   (64 identical entries)
-
Suspicious use of SetWindowsHookEx 1 IoCs
  pid    Process
  1932   vlc.exe
-
Suspicious use of WriteProcessMemory 9 IoCs
  description                         pid    Process        procid_target
  PID 600 wrote to memory of 2920     600    cmd.exe        31     (3 identical entries)
  PID 2920 wrote to memory of 2156    2920   rundll32.exe   32     (3 identical entries)
  PID 2156 wrote to memory of 1932    2156   rundll32.exe   34     (3 identical entries)
Processes
-
C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"
  - Suspicious use of WriteProcessMemory
  PID: 600
  C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory
    PID: 2920
    C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      PID: 2156
      C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"
        - Suspicious behavior: AddClipboardFormatListener
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx
        PID: 1932
-
C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  PID: 600
-
C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x4f4
  - Suspicious use of AdjustPrivilegeToken
  PID: 1600
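The process tree is the only substantive finding in this report: cmd /c was pointed at a .rar, the Windows 7 image had no handler registered for that extension, so the shell raised the "Open with" prompt (rundll32 shell32.dll,OpenAs_RunDLL), and the sandbox's UI automation handed the archive to VLC. Every later signature (clipboard listener, tray window, SetWindowsHookEx) is VLC's normal window behaviour, not the sample's; the archive was never extracted and nothing inside it ran. The Python below is an added triage helper, not part of the sandbox report: it parses the report's own WriteProcessMemory rows and command lines (copied inline as constructed input), dedupes the triplicated rows, rebuilds the parent chain and states whether the submitted file ever became a process image and which application the Open With dialog passed it to. The names WPM_IOCS, CMDLINES, parse_wpm, lineage and triage are mine.

```python
import re
from collections import defaultdict

# Constructed inline copy of the report's "Suspicious use of WriteProcessMemory"
# rows. The sandbox records each process creation as three identical rows.
WPM_IOCS = """
PID 600 wrote to memory of 2920 600 cmd.exe 31
PID 600 wrote to memory of 2920 600 cmd.exe 31
PID 600 wrote to memory of 2920 600 cmd.exe 31
PID 2920 wrote to memory of 2156 2920 rundll32.exe 32
PID 2920 wrote to memory of 2156 2920 rundll32.exe 32
PID 2920 wrote to memory of 2156 2920 rundll32.exe 32
PID 2156 wrote to memory of 1932 2156 rundll32.exe 34
PID 2156 wrote to memory of 1932 2156 rundll32.exe 34
PID 2156 wrote to memory of 1932 2156 rundll32.exe 34
"""

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"

# Command lines from the report's process tree, keyed by PID (constructed copy).
CMDLINES = {
    600: 'cmd /c "' + SAMPLE + '"',
    2920: r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL ' + SAMPLE,
    2156: r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL ' + SAMPLE,
    1932: r'"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "' + SAMPLE + '"',
}

# "PID <src> wrote to memory of <dst> <src> <src image> <target index>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
# First token of a command line, quoted or bare.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def parse_wpm(text):
    """Return deduplicated (parent_pid, parent_image, child_pid) edges."""
    edges, seen = [], set()
    for m in WPM_RE.finditer(text):
        edge = (int(m.group(1)), m.group(3), int(m.group(2)))
        if edge not in seen:
            seen.add(edge)
            edges.append(edge)
    return edges


def image_name(cmdline):
    """Basename of the executable a command line starts with, lower-cased."""
    m = IMAGE_RE.match(cmdline)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def lineage(edges, pid):
    """Walk parent links from pid back to the root; returns root-first list."""
    parent = {child: ppid for ppid, _, child in edges}
    chain = [pid]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    chain.reverse()
    return chain


def triage(edges, cmdlines, sample):
    children = defaultdict(list)
    for ppid, _, pid in edges:
        children[ppid].append(pid)
    images = {pid: image_name(cl) for pid, cl in cmdlines.items()}
    sample_name = sample.rsplit("\\", 1)[-1].lower()
    # Did the submitted file itself ever become a process image?
    sample_executed = any(img == sample_name for img in images.values())
    # rundll32 shell32.dll,OpenAs_RunDLL <sample> is the "Open with" dialog:
    # the shell found no association for the file's extension.
    openas_pids = sorted(pid for pid, cl in cmdlines.items()
                         if "OpenAs_RunDLL" in cl and sample in cl)
    # The application picked in that dialog is a child of an OpenAs process
    # whose own command line still names the sample.
    handlers = [(pid, images[pid])
                for p in openas_pids for pid in children.get(p, [])
                if pid in cmdlines and sample in cmdlines[pid]
                and pid not in openas_pids]
    return {
        "sample_executed": sample_executed,
        "openas_pids": openas_pids,
        "handlers": handlers,
        "chain": lineage(edges, handlers[0][0]) if handlers else [],
    }


if __name__ == "__main__":
    for key, value in triage(parse_wpm(WPM_IOCS), CMDLINES, SAMPLE).items():
        print(f"{key}: {value}")
```

On this report the verdict is sample_executed False, handlers [(1932, "vlc.exe")] and chain [600, 2920, 2156, 1932]: a "no detonation" result. The practical follow-up is to resubmit with the archive extracted (or on an image with a .rar handler) so the contents actually run; the hashes in General identify only the container.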
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 104B
MD5: 80a0493bbaa9054ee732e07005897286
SHA1: 3e49fcfa7370a84d06257c9e2329fd0408fac2e1
SHA256: 656e39f20a3453515943a6afdcd415887e85495da4d413644e19e3cd4a78c5af
SHA512: 101fc8960a3b1be86e4bd84f4a729fcbfd3ee676621600a13b6ee6a54baa76543c3217c3a67ac91a24c0649629a2a600ea2cbede1b2135a3e8ce2b7bef0fd9b0
-
Filesize: 18B
MD5: ad92643fe62db9b8f07143e510b28bd8
SHA1: 817f911d58b6c8d5e35d25e2d0a29cfb9fa71c9f
SHA256: 777ffea0be2437d81a45c3de530a351db7b4ed81e49d9b976a6bb547620fc2d3
SHA512: ba0e055d51efc70e42a7d3f9e2e1bfc312c189b9029f6f972007fc67369d22d0d4c54db8059f52eaba43565c4d9125553b4529e38e1f0ff541648f7f053fdfe7