Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    09-11-2024 04:18

General

  • Target

    forcenitro2.4.1.exe

  • Size

    78.9MB

  • MD5

    d292c1fe9f36882b01bd70a2b0aa391c

  • SHA1

    72b0aa6d32e09ced66a3c10414e02e84569e009e

  • SHA256

    a5c3478916ed2c028f824b22b73fc10699be8640b308e5986b7490a1ac818da3

  • SHA512

    138acc03b072806327f03ab6149d2ca86e53ceee33420362047a2e86c800d6c7aaa21401c0a8c2eae627e42f17b2afb6a58e0a6a9eddffa2b330a85bf31a91e6

  • SSDEEP

    1572864:vBrTvQJaVQ3L6y14qMZJQsl6R7EYvrFn97PSAGJAVP5ieBmhxU:5rTvQJiQD14q4cRB7RVBFoxU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe
    "C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe
      "C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe"
      2⤵
      • Loads dropped DLL
      PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI14722\python39.dll

    Filesize

    4.2MB

    MD5

    c4b75218b11808db4a04255574b2eb33

    SHA1

    f4a3497fb6972037fb271cfdc5b404a4b28ccf07

    SHA256

    53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

    SHA512

    0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c