Overview

overview

1

Static

static

1

NitroUnlockerV4.bat

windows7-x64

1

NitroUnlockerV4.bat

windows10-2004-x64

1

NitroUnlockerV4.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    6s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11/09/2024, 12:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NitroUnlockerV4.bat

  • Size

    3KB

  • MD5

    3e0090cd181626ac2b0b53cb844de696

  • SHA1

    3d19d7988df44cc54cd68afb8d8c951bf35fcd07

  • SHA256

    dd0181a567fa877581bdf19a5a944e46ed304c6d0d50970d3614f55bf6c349d3

  • SHA512

    4f85110e8120364c5092eaf421b2e29873cffe7f8f411500b5f6de436b5996ed5f5fdf83707f08416e000a4063f47144316ae08f0b0000a1e13437755c902ae9

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroUnlockerV4.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Windows\system32\taskkill.exe
      taskkill /f /IM explorer.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4140
    • C:\Windows\system32\rundll32.exe
      rundll32.exe user32.dll, LockWorkStation
      2⤵
        PID:3220
      • C:\Windows\system32\rundll32.exe
        rundll32.exe user32.dll, TileHorizontally
        2⤵
          PID:2108
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0 /state0:0xa3a1e055 /state1:0x41c64e6d
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4828

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-131918955-2378418313-883382443-1000\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg
              Filesize

              62KB

              MD5

              6cb7e9f13c79d1dd975a8aa005ab0256

              SHA1

              eac7fc28cc13ac1e9c85f828215cd61f0c698ae3

              SHA256

              af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67

              SHA512

              3a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d

              Download Submit