Overview

overview

1

Static

static

1

NitroUnlockerV4.bat

windows7-x64

1

NitroUnlockerV4.bat

windows10-2004-x64

1

NitroUnlockerV4.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    11s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 12:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NitroUnlockerV4.bat

  • Size

    3KB

  • MD5

    3e0090cd181626ac2b0b53cb844de696

  • SHA1

    3d19d7988df44cc54cd68afb8d8c951bf35fcd07

  • SHA256

    dd0181a567fa877581bdf19a5a944e46ed304c6d0d50970d3614f55bf6c349d3

  • SHA512

    4f85110e8120364c5092eaf421b2e29873cffe7f8f411500b5f6de436b5996ed5f5fdf83707f08416e000a4063f47144316ae08f0b0000a1e13437755c902ae9

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroUnlockerV4.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Windows\system32\taskkill.exe
      taskkill /f /IM explorer.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1048
    • C:\Windows\system32\rundll32.exe
      rundll32.exe user32.dll, LockWorkStation
      2⤵
        PID:5040
      • C:\Windows\system32\rundll32.exe
        rundll32.exe user32.dll, TileHorizontally
        2⤵
          PID:4232
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0 /state0:0xa39a6055 /state1:0x41c64e6d
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2112

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-523280732-2327480845-3730041215-1000\ReadOnly\LockScreen_W\LockScreen___1280_0720_notdimmed.jpg
              Filesize

              1.6MB

              MD5

              5641512b0154d1f085a8d9c3cef434fb

              SHA1

              921a13d3882774d5b038a66ade62700689cbdd3c

              SHA256

              0b8ca78426022d8a7189dcd3e72f72988aa1a79d91d2814415d4b212af7de777

              SHA512

              18d703a09932dda66d20273005051a64e2c8e9b77ae9252cd0564b172a9ae539a076330aa7c17488173aad8bcf206106d339f6b224d30f7def276e181bf0f72e

              Download Submit