URL: | https://cdn.discordapp.com/attachments/915358573230448741/935331898278952960/Installer_GenNitro.exe |
Full analysis: | https://app.any.run/tasks/3d95c01b-f5d9-43dd-a2a3-136d5e60110e |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 01:58:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | A02F5C396777B40937FF9A30888CAE27 |
SHA1: | 65A5BF32030569841BF26AC64C44B2B117316051 |
SHA256: | 068D94C067C0B3ED60262DF6680632BFC2AC6D68A13AA41057079339EB1E40F7 |
SSDEEP: | 3:N8cCWdy6//lc2SREUKc+MQmKqWTXJUn:2cry6Xlc2SWUKlRmKFXJUn |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1044 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://cdn.discordapp.com/attachments/915358573230448741/935331898278952960/Installer_GenNitro.exe" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3792 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1044 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2640 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | — | iexplore.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
468 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | iexplore.exe | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
2312 | "C:\Windows\system32\cmd" /c "C:\Users\admin\AppData\Local\Temp\5ADF.tmp\5AE0.tmp\5AE1.bat C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Windows\system32\cmd.exe | — | Installer_GenNitro.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
1516 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | — | iexplore.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
3108 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | iexplore.exe | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
3840 | "C:\Windows\system32\cmd" /c "C:\Users\admin\AppData\Local\Temp\7A2E.tmp\7A2F.tmp\7A30.bat C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Windows\system32\cmd.exe | — | Installer_GenNitro.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
2464 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | — | iexplore.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
1340 | "C:\Users\admin\Downloads\Installer_GenNitro.exe" | C:\Users\admin\Downloads\Installer_GenNitro.exe | iexplore.exe | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4D986145-7D82-11EC-A45D-12A9866C77DE}.dat | binary | |
MD5:606EF00ABB50CC1F5763163DB00B7FB7 | SHA256:5696D4CF5DFEAA93F8E5FF6F5DEF9C63D82F53195B85910A65137F6B506C2F75 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:001DC1E25B87A8E14B6391CEC334244A | SHA256:80BEB515DE5B1F9DAFD3DD7B5EBBD9FD2A7C6889173805695270AAE50423C559 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Installer_GenNitro[1].exe | executable | |
MD5:6F3F0E51AAB17F809A598D167364E65C | SHA256:B30E56D6AB063D543E104189234EF17E5CFB1DF3F67B4BDFF42777F4582276D4 | |||
1044 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8BD9465AFD4C0394.TMP | gmc | |
MD5:AC230717F68C224BB0584FF95A4FD672 | SHA256:8C1BE7F503A640973E001F32F82E440E5D9997046399B905C50C959AA783FA2F | |||
3792 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:8CD7E90C9F52DCC22A188DB1D82D4356 | SHA256:F3F9DC32585CEBC0A478458DF911980CF546F8DAB032649EC676B7D243A4F46F | |||
3792 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:DB7B2C761496DC5FA4E12891AF5960CB | SHA256:927E12574ED2F65C6310F1F1AF029BCE88A10108F1D27A6737AF409A9B368931 | |||
1044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:C95BE199B3223442F2EB7236E0BC368A | SHA256:0C477840A568CD43CCBE823B330B0955E71E3368D4C1B46B1B1EAAFD37F53B01 | |||
1044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:111DCDB55A88510DB3C1E141A0EA1538 | SHA256:022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B | |||
1044 | iexplore.exe | C:\Users\admin\Downloads\Installer_GenNitro.exe | executable | |
MD5:D0A91DA24204B537BBBA7219DDAD012F | SHA256:7264929871B952C0EB00F973480744F8974CF56BE3F01A599BCD502001A71944 | |||
3792 | iexplore.exe | C:\Users\admin\Downloads\Installer_GenNitro.exe.kfgvmvn.partial | executable | |
MD5:D0A91DA24204B537BBBA7219DDAD012F | SHA256:7264929871B952C0EB00F973480744F8974CF56BE3F01A599BCD502001A71944 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1044 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1044 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3792 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1044 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
3792 | iexplore.exe | GET | 200 | 8.248.1.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?edd9ce1cc687364b | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1044 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3792 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3792 | iexplore.exe | 162.159.135.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
1044 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3792 | iexplore.exe | 162.159.133.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
3792 | iexplore.exe | 8.248.1.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
1044 | iexplore.exe | 204.79.197.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
1044 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1044 | iexplore.exe | 104.111.242.51:443 | go.microsoft.com | Akamai International B.V. | NL | unknown |
1044 | iexplore.exe | 40.83.186.94:443 | query.prod.cms.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
cdn.discordapp.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
www.msn.com |
| whitelisted |