Overview

overview

10

Static

static

10

checker ni...ro.exe

windows7-x64

7

checker ni...ro.exe

windows10-2004-x64

8

Resubmissions

15/02/2025, 02:00

250215-cfg87asrcx 10

08/02/2025, 23:42

250208-3p5zqaxrey 10

08/02/2025, 23:23

250208-3c8j3sxnex 10

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2025, 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    checker nitro/checker de nitro.exe

  • Size

    15.7MB

  • MD5

    829823ecaf20b2cadacfc2a2caad0dc0

  • SHA1

    8ba0f8105fb37d1c0912cd743de0e18a89764252

  • SHA256

    4d241c03dc903dd9330360e59b7dffcc3efb3a0fc4d916b35536d99d06de5c9c

  • SHA512

    15d55a41043fb59b3e97b7ea63e7290c631630adccb63bfc9044c02733fe8ca126b1e7d40edcfb3b475de9fd18328ca4b478dadf08537edb4197e9a337f00395

  • SSDEEP

    393216:Zt6WBACSY/+0ItJeluL6LIH20drLYRZjop:ZtVB1/vIMul3aZjop

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\checker nitro\checker de nitro.exe
    "C:\Users\Admin\AppData\Local\Temp\checker nitro\checker de nitro.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\checker nitro\checker de nitro.exe
      "C:\Users\Admin\AppData\Local\Temp\checker nitro\checker de nitro.exe"
      2⤵
      • Loads dropped DLL
      PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI26562\python313.dll
    Filesize

    1.8MB

    MD5

    2a4aad7818d527bbea76e9e81077cc21

    SHA1

    4db3b39874c01bf3ba1ab8659957bbc28aab1ab2

    SHA256

    4712a6bb81b862fc292fcd857cef931ca8e4c142e70eaa4fd7a8d0a96aff5e7e

    SHA512

    d10631b7fc25a8b9cc038514e9db1597cec0580ee34a56ce5cfc5a33e7010b5e1df7f15ec30ebb351356e2b815528fb4161956f26b5bfaf3dce7bc6701b79c68

    Download Submit

  • memory/2552-24-0x000007FEF6280000-0x000007FEF68E4000-memory.dmp

    Filesize

    6.4MB

    Download