General
Target: Server.zip
Size: 211KB
Sample: 220809-zasjashcf9
MD5: da127d6bb78b18286e463aca65935848
SHA1: b68aa8f53f979070c9bb9887391e3ffc8a69cb79
SHA256: 82e3a01167feaeda8f7257e9bf875ab05a5bf4a26c31fcb2bb34e204ac6734df
SHA512: acba588498ffc2a1f93c45a4ccf599d71830c8d93580dbb7510eafceda9a33223ec6c1f8cd3668a6611bac782a766ac76475b13b10699283819be3d76134baed

Static task: static1

Behavioral task: behavioral1
Sample: Server.ps1
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: Server.ps1
Resource: win10v2004-20220721-en

Malware Config
Extracted
Family: njrat
Version: 1.9
HacKed
Microsoft.Exe
reg_key: Microsoft.Exe

Targets
Target: Server.ps1
Size: 612KB
MD5: 97c12ecc7e95b2e262e91bf5aa591887
SHA1: 007fcf42f768b48d568716f8fd816ed632fda354
SHA256: a4431f4c7fdfe445129cce301c59e05d5cc4b1b33aad3341d18308c46efb1024
SHA512: 8329cb6798514fb010bcb20934b87fc7cda9b5342749a1de7b9be4d894db4ecba46e600847e7c4dadb9d1a61a1ee501da177b06b39533dbfe7d6671181bae5b0
Score: 10/10

Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Modifies Windows Firewall
Registers COM server for autorun
Drops file in System32 directory
Suspicious use of SetThreadContext
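The report gives the analyst two things to act on: the file digests to confirm the artifact in hand is the one that was detonated, and the extracted njRAT config (install name and reg_key "Microsoft.Exe") plus three behaviours that leave process-level traces (script host spawning an unexpected child, firewall modification, autorun persistence). The script below is an added example, not part of the sandbox report or of any tool it names. It checks a blob against the report's MD5/SHA-1/SHA-256 values and then runs three simple detections over a constructed set of Sysmon-style process-creation events. The `netsh firewall add allowedprogram` and `reg add ... \Run /v Microsoft.Exe` command lines in the sample events are assumptions about how the listed "Modifies Windows Firewall" and persistence behaviours are typically implemented by njRAT; the page itself only shows the signature names. The COM-autorun, System32 drop and SetThreadContext signatures are not covered here because they do not show up in process-creation data.

```python
import hashlib
import re

# Digests copied from the report (General section: Server.zip; Targets: Server.ps1).
REPORT_HASHES = {
    "Server.zip": {
        "md5": "da127d6bb78b18286e463aca65935848",
        "sha1": "b68aa8f53f979070c9bb9887391e3ffc8a69cb79",
        "sha256": "82e3a01167feaeda8f7257e9bf875ab05a5bf4a26c31fcb2bb34e204ac6734df",
    },
    "Server.ps1": {
        "md5": "97c12ecc7e95b2e262e91bf5aa591887",
        "sha1": "007fcf42f768b48d568716f8fd816ed632fda354",
        "sha256": "a4431f4c7fdfe445129cce301c59e05d5cc4b1b33aad3341d18308c46efb1024",
    },
}

# Indicators from the extracted njRAT config on the page.
NJRAT_CONFIG = {"version": "1.9", "campaign": "HacKed",
                "install_name": "Microsoft.Exe", "reg_key": "Microsoft.Exe"}

# CONSTRUCTED process-creation events (Sysmon Event ID 1 shape), not from the
# report. The netsh/reg command lines are an ASSUMPTION of how njRAT usually
# implements the firewall and Run-key behaviours the report flags.
SAMPLE_EVENTS = [
    {"pid": 1180, "ppid": 880, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2212, "ppid": 1180,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File Server.ps1"},
    {"pid": 2308, "ppid": 2212, "image": r"C:\Users\user\AppData\Local\Temp\Microsoft.Exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\Microsoft.Exe"},
    {"pid": 2340, "ppid": 2308, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\Microsoft.Exe" "Microsoft.Exe" ENABLE'},
    {"pid": 2356, "ppid": 2308, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft.Exe /t REG_SZ /d "C:\Users\user\AppData\Local\Temp\Microsoft.Exe" /f'},
    {"pid": 2400, "ppid": 1180, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

# Parents that should not normally launch a fresh executable.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def compute_hashes(data: bytes) -> dict:
    """Hex digests for the algorithms the report lists (SHA-512 omitted for brevity)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, target: str) -> bool:
    """True only if every recorded digest for `target` matches `data`."""
    actual = compute_hashes(data)
    return all(actual[alg] == want for alg, want in REPORT_HASHES[target].items())


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events, config=NJRAT_CONFIG):
    """Return (rule, pid, detail) tuples for events matching the report's behaviours."""
    by_pid = {e["pid"]: e for e in events}
    install = config["install_name"].lower()
    # Run-key write whose value name equals the config's reg_key.
    run_key_re = re.compile(r"\\CurrentVersion\\Run\b.*?/v\s+" + re.escape(config["reg_key"]), re.I)
    # Legacy and modern netsh syntaxes for adding a firewall exception.
    fw_re = re.compile(r"netsh\s+(advfirewall\s+firewall\s+add\s+rule|firewall\s+add\s+allowedprogram)", re.I)
    findings = []
    for e in events:
        img, cmd = basename(e["image"]), e["cmdline"]
        parent = by_pid.get(e["ppid"])
        # 1. "Process spawned unexpected child process": script host / Office app -> new .exe
        if (parent and basename(parent["image"]) in SCRIPT_HOSTS | OFFICE_APPS
                and img.endswith(".exe") and img not in SCRIPT_HOSTS):
            findings.append(("unexpected_child", e["pid"], f"{basename(parent['image'])} -> {img}"))
        # 2. "Modifies Windows Firewall": exception added for the njRAT install name
        if img == "netsh.exe" and fw_re.search(cmd) and install in cmd.lower():
            findings.append(("firewall_exception", e["pid"], cmd))
        # 3. Autorun persistence keyed on the extracted reg_key value
        if img == "reg.exe" and run_key_re.search(cmd):
            findings.append(("run_key_persistence", e["pid"], cmd))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

Feed `triage()` real Sysmon or EDR process events with the same four fields and swap `NJRAT_CONFIG` for the values extracted from your own sample; the reg_key and install name are the parts of an njRAT config that change between builds, so they are what the rules are parameterised on. `matches_report()` is the first step: if the digests do not match, the behaviours listed above were observed for a different file.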