Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-11-2024 18:16

General

  • Target

    Nitro Gen V1.0 By JF.rar

  • Size

    896KB

  • MD5

    13a99a4d50680729e184b063de8e9190

  • SHA1

    2557e7feac1fc0e5a33a75e19308f0db76a5dffc

  • SHA256

    a168edbf63b98d8e0dbdb524308f89ff2fd3b7226e5b9a400763d1fa357f1483

  • SHA512

    7ad8d51b756942db12d25cbd425eaaf4560239d52278d56130bdd7b19c3c7d7217f38bfd9a72d0c6be8e1c14e64bad2b9945590ff8b10b085f53133d3bfdc57c

  • SSDEEP

    24576:IDGcSY0uvqSsmJ/w/p7maGUmD2dEcg4cnzMFIEhzw:ICRnvNtlbXdMvWhc

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:892
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3408
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a595cc40,0x7ff9a595cc4c,0x7ff9a595cc58
        2⤵
          PID:2580
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
          2⤵
            PID:4124
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
            2⤵
              PID:2164
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
              2⤵
                PID:4752
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
                2⤵
                  PID:4608
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
                  2⤵
                    PID:3556
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4104 /prefetch:1
                    2⤵
                      PID:3144
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:8
                      2⤵
                        PID:4084
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
                        2⤵
                          PID:3260
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
                          2⤵
                            PID:1804
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
                            2⤵
                              PID:3432
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3096,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:1
                              2⤵
                                PID:1980
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3520,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
                                2⤵
                                  PID:4180
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4656,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:1
                                  2⤵
                                    PID:1808
                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                  1⤵
                                    PID:4236
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                    1⤵
                                      PID:724

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                      Filesize

                                      649B

                                      MD5

                                      89f50b7a82ac2c5158e8cb774b811314

                                      SHA1

                                      79f08f72e71fa0e59fc5f0da6be840e614528d94

                                      SHA256

                                      fac244937fb6fd3ad528c30401059d8e029631c20f0b5e383cc890990f2698c0

                                      SHA512

                                      fe6ca4b2fc0f69539da6ada1dad15dba0287ff20616e107a8c9aa3e8fe44524253dc5e32226d3ea34d650d02ddcad12f070b0c0d71f0503c9eb04911d880bacf

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      356B

                                      MD5

                                      804466c865b55128d386944763b3246a

                                      SHA1

                                      6a457198f861ebbf3ef984e3e69f449e522c94f7

                                      SHA256

                                      60499d9b53af0a7ac724c0e317d30dc6f56644bcceb36f43df5a391a5d255399

                                      SHA512

                                      f64f5405a9497295382061961a74189ce08ed4313240e7c08f97f0494942632fd849b19dc76b02dfa5640679796a2890537432bff8b6c574305783fabdde573b

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      8KB

                                      MD5

                                      86ed8f85de910bb2283bbc5b3f8a57a6

                                      SHA1

                                      6be2b69a7cc87fbc301dfc89615f0ca1e4a829d2

                                      SHA256

                                      ca499776c392bafabb2d8d6a93f3cd4cd8df46bd6c0d4c321235437df2efe088

                                      SHA512

                                      5631c236a9ded00565a7629b4f0935ce4038bafe4651a69d1e886225f47c2bcd1844f85e098ead2a83ca5038306552a9c5343dfbf0a8a15b121018fbc98c3863

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      271feb958a85bcfdd20814bc499b08b7

                                      SHA1

                                      c793866fb45fe22b18c59351d07eb434a7d28c88

                                      SHA256

                                      ec9215482a7bb6be054768fc6521ed8f6a7c11f8238a786e91c438ea706ce089

                                      SHA512

                                      1b08c47415caac8435a8f5f8c43b6bae5592bba12a92084cdfcc1e429e4c0e0814189eb28e94d479f683be79ed4340ce638e5086ab82d719174cebedbec73acd

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                      Filesize

                                      15KB

                                      MD5

                                      f066af9ed9c44d3f39271493902a0c84

                                      SHA1

                                      d4fd6015ba9485e7ab70fb3826f5ee28eb4471c0

                                      SHA256

                                      91519bf3214535b23f15cf73cc80527e7358c9ac20bb32f933075760dd3f3b49

                                      SHA512

                                      e9ae1114f1da0b85e7f66ed788971bc5e7b3b19b208941a0868a21f12444327e231e542b67c110a70648aaffcde8e604d953fffcb82787831c406d98bb46d7aa

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      229KB

                                      MD5

                                      ef969c212da05032d1598b46e381d397

                                      SHA1

                                      2d3e74e49372fef83f9fa066802a1722645b065d

                                      SHA256

                                      5d5a03b81e856d8fc77d5fe203b69a02a98b2ec8907025b911486f9652bbdf87

                                      SHA512

                                      c4416408b417c97026dad9e0bb39dbc0fe5dc5fd465e869e132aa589e3204980914e0b2ec33fe9b668122bbe7d982413cbb682e4ff8f41bc6a5c2f0ba12aecad