General
Target: enc.zip
Size: 1KB
Sample: 220809-xt2vzagdc7
MD5: d22dd7ccc3a29e2de21c7996543b9396
SHA1: c6846b0cf15d63bf2bb72f929cb0873b6207e9c2
SHA256: ef9b9da0e50039c5155abcb728f093f5818f7dfbc72374a044c76ec4fabe97a0
SHA512: cde7c2b17ca6e979036d5d26d7fb763f0cfe7f02ccf8553e9841b3e2d7f804e98735e6c8daae153450a9149f1f27dc60713a20d46c0970a2c8fd1395e5453243
Static task: static1
Behavioral task: behavioral1
Sample: enc.hta
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: enc.hta
Resource: win10v2004-20220722-en
Malware Config
Extracted
njrat
1.9
HacKed
Microsoft.Exe
reg_key: Microsoft.Exe
Targets
Target: enc.hta
Size: 4KB
MD5: a22a14258d33638343e40b4ef674b06d
SHA1: 172a63be58e0a1c0d4a4b0a933d74b6af9164ddc
SHA256: 5ea0ac297ec8f31acc2fa0c4475d2bcf044b2699e2417a8aa650d1b742ade518
SHA512: eb1c994e51bb36dbbbe54e64d642276e6924d332611c072ef215ff0cd17439187ca15467f1848526a1fd9c279b96c4cd2446e83fd992eb94c58daa965a1eda58
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Modifies Windows Firewall
Registers COM server for autorun
Drops file in System32 directory
Suspicious use of SetThreadContext