Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 30-09-2021 12:36
Static task: static1
Behavioral task: behavioral1
- Sample: 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe
- Resource: win10v20210408
General
- Target: 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe
- Size: 126KB
- MD5: 908eba5a2eb01adb8dec24796369a583
- SHA1: 390772bf93171a02e4d22b8c262854ffbd1cd132
- SHA256: 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e
- SHA512: 1dbfbe2feb32ec8bb5c3f297a7e1a56c0df5bf7bbed4f3bdc79eddd2c77664ba647a493c28837e8fd558615026c1dbddf5627b0f7747409d173a9c55e48e4752
Malware Config
Extracted
- Family: njrat
- Version: v2.0
- @ WeSt - HaCkInG K.S.A @
- w187.ddns.net:22
- Intel HD Graphics Drivers for Windows(R)
- reg_key: Intel HD Graphics Drivers for Windows(R)
- splitter: |-F-|
Signatures
- Executes dropped EXE (2 IoCs)
  Processes (pid / process):
  580 / Intel HD Graphics Drivers for Windows(R).exe
  1212 / Intel HD Graphics Drivers for Windows(R).exe
- Drops startup file (4 IoCs)
  Processes (description / ioc / process):
  File opened for modification / C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel HD Graphics Drivers for Windows(R).exe / Intel HD Graphics Drivers for Windows(R).exe
  File created / C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel HD Graphics Drivers for Windows(R).lnk / Intel HD Graphics Drivers for Windows(R).exe
  File opened for modification / C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel HD Graphics Drivers for Windows(R).lnk / Intel HD Graphics Drivers for Windows(R).exe
  File created / C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel HD Graphics Drivers for Windows(R).exe / Intel HD Graphics Drivers for Windows(R).exe
- Adds Run key to start application (2 TTPs, 5 IoCs)
  Processes (description / ioc / process):
  Set value (str) / \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\Intel HD Graphics Drivers for Windows(R) = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Intel HD Graphics Drivers for Windows(R).URL" / Intel HD Graphics Drivers for Windows(R).exe
  Set value (str) / \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Intel HD Graphics Drivers for Windows(R) = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Intel HD Graphics Drivers for Windows(R).URL" / Intel HD Graphics Drivers for Windows(R).exe
  Set value (str) / \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\Intel HD Graphics Drivers for Windows(R)2 = "C:\\Users\\Admin\\AppData\\Roaming\\Intel HD Graphics Drivers for Windows(R).exe" / Intel HD Graphics Drivers for Windows(R).exe
  Set value (str) / \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\Intel HD Graphics Drivers for Windows(R)2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Intel HD Graphics Drivers for Windows(R).URL" / Intel HD Graphics Drivers for Windows(R).exe
  Set value (str) / \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Intel HD Graphics Drivers for Windows(R)2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Intel HD Graphics Drivers for Windows(R).URL" / Intel HD Graphics Drivers for Windows(R).exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of AdjustPrivilegeToken (34 IoCs)
  Processes (pid / process / tokens adjusted):
  636 / 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe / SeDebugPrivilege (1), 33 (1), SeIncBasePriorityPrivilege (1)
  1212 / Intel HD Graphics Drivers for Windows(R).exe / SeDebugPrivilege (1), then alternating 33 (15) and SeIncBasePriorityPrivilege (15)
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes (pid / process / target pid / target process):
  636 / 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe / 580 / Intel HD Graphics Drivers for Windows(R).exe (3 entries)
  580 / Intel HD Graphics Drivers for Windows(R).exe / 1212 / Intel HD Graphics Drivers for Windows(R).exe (3 entries)
  580 / Intel HD Graphics Drivers for Windows(R).exe / 1500 / attrib.exe (3 entries)
- Views/modifies file attributes (1 TTP, 1 IoC)
Processes (tree; depth as reported by the sandbox, pids taken from the signature tables above)
- C:\Users\Admin\AppData\Local\Temp\3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe (depth 1, pid 636)
  Command line: "C:\Users\Admin\AppData\Local\Temp\3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Intel HD Graphics Drivers for Windows(R).exe (depth 2, pid 580)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Intel HD Graphics Drivers for Windows(R).exe"
    - Executes dropped EXE
    - Drops startup file
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Roaming\Intel HD Graphics Drivers for Windows(R).exe (depth 3, pid 1212)
      Command line: "C:\Users\Admin\AppData\Roaming\Intel HD Graphics Drivers for Windows(R).exe"
      - Executes dropped EXE
      - Drops startup file
      - Adds Run key to start application
      - Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\attrib.exe (depth 3, pid 1500)
      Command line: attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Intel HD Graphics Drivers for Windows(R).exe"
      - Views/modifies file attributes
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\Intel HD Graphics Drivers for Windows(R).exe
  MD5: f19f7b77300d578fe7f0304ee15bfae3
  SHA1: 89f17fcbf414876b65e555d8cf51ab8db4db132c
  SHA256: 7e9b32e715ed33aa05dbcf577876933ee43a0632ffcd95a50b23d612d82a88d1
  SHA512: 167c1c0e40105556068675f62fd06131864e7fa813d0575882c6d5ac60812ef42a348ee78d3fe11348fe1561e8beda72440030daaca1401b1ed314d70ffa128d
- C:\Users\Admin\AppData\Roaming\Intel HD Graphics Drivers for Windows(R).exe
  MD5, SHA1, SHA256 and SHA512 identical to the Temp copy above (same file bytes, copied to the Roaming path)
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel HD Graphics Drivers for Windows(R).lnk
  MD5: 75d3ceb076c85ec307e587a7cef7b69e
  SHA1: a3acf2cf7ee1f316cc91c25e76b09f364215538c
  SHA256: 695e75ecfe3a476da0a1dc0335a6dd46a3e8ecefbffbeaa2e738b3ec3f3613ae
  SHA512: 7747872fde5ace1a27c0169ea2e8fb6090e54eaeb84b2451b41e10ccfab66b7613b8fe6cac2d25b1c845136cc8fd9d714b65dd4b6e814e84c2ab3f3fd3babc80
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Intel HD Graphics Drivers for Windows(R).lnk
  MD5: 252b37f9414f08a1e0a4b1936ee86215
  SHA1: 0297c7b4c3541ea2ec73de1a811ef5b79b26968f
  SHA256: d60f697e7bcb8b6089ca2b274aa33a66a5543649c2558b2c0b2b0b41f2fc5975
  SHA512: f42a369f284be941c22730bb1f75e7845540b335174b20260af90746ff11fbad4f6390946bf2fb98cce7f5f8ce7976c52c4eed15b867466add5ed4133d8c98d2
Memory dumps
- memory/580-119-0x0000000000000000-mapping.dmp
- memory/580-122-0x0000000001210000-0x0000000001211000-memory.dmp (Filesize 4KB)
- memory/636-118-0x0000000001AE0000-0x0000000001AE1000-memory.dmp (Filesize 4KB)
- memory/636-117-0x00000000034C0000-0x00000000034C1000-memory.dmp (Filesize 4KB)
- memory/636-116-0x0000000005FB0000-0x0000000005FB1000-memory.dmp (Filesize 4KB)
- memory/636-114-0x0000000000FD0000-0x0000000000FD1000-memory.dmp (Filesize 4KB)
- memory/1212-123-0x0000000000000000-mapping.dmp
- memory/1212-129-0x0000000001030000-0x0000000001031000-memory.dmp (Filesize 4KB)
- memory/1500-126-0x0000000000000000-mapping.dmp