Overview

overview

3

Static

static

1

Nitro-Gene...g.json

windows11-21h2-x64

3

Nitro-Gene...es.txt

windows11-21h2-x64

3

Nitro-Gene...ain.py

windows11-21h2-x64

3

Nitro-Gene...ts.txt

windows11-21h2-x64

3

Nitro-Gene...it.txt

windows11-21h2-x64

3

Nitro-Gene...tt.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    437s
  • max time network
    1157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/11/2024, 03:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Nitro-Generator-main/startt.bat

  • Size

    28B

  • MD5

    cba85077c698d632c35bf45bc508bc6c

  • SHA1

    dc856e98452177f687fb3032e4d320c663dd5a4d

  • SHA256

    89e543a51b4496cef48a717747545f761d4ce288551e05b61d61fea24920253c

  • SHA512

    dd9d16c66ab6f96006d89a8059334dc15069cce8ddefa82bd22f6c4fe0a13fef905a51f7aca93bf780a9043b4715f1d2dd61e8dc560ef2464c9ab2deac2ee2ff

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Nitro-Generator-main\startt.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\system32\cmd.exe
      cmd.exe
      2⤵
        PID:1456
      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
        python main.py
        2⤵
          PID:3812

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads