c6897ee5e6e0c63e0cf1866460859894664359d397f9d453546adf12c7794818 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
09/11/2024, 04:18 UTC

Sharing

Report Analysis Logs

General

Target

forcenitro2.4.1.exe
Size

78.9MB
MD5

d292c1fe9f36882b01bd70a2b0aa391c
SHA1

72b0aa6d32e09ced66a3c10414e02e84569e009e
SHA256

a5c3478916ed2c028f824b22b73fc10699be8640b308e5986b7490a1ac818da3
SHA512

138acc03b072806327f03ab6149d2ca86e53ceee33420362047a2e86c800d6c7aaa21401c0a8c2eae627e42f17b2afb6a58e0a6a9eddffa2b330a85bf31a91e6
SSDEEP

1572864:vBrTvQJaVQ3L6y14qMZJQsl6R7EYvrFn97PSAGJAVP5ieBmhxU:5rTvQJiQD14q4cRB7RVBFoxU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1224	forcenitro2.4.1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1224	1472	forcenitro2.4.1.exe	32
PID 1472 wrote to memory of 1224	1472	forcenitro2.4.1.exe	32
PID 1472 wrote to memory of 1224	1472	forcenitro2.4.1.exe	32

C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe
"C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe
  "C:\Users\Admin\AppData\Local\Temp\forcenitro2.4.1.exe"
  2⤵
  - Loads dropped DLL
  PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14722\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit