General
Target: Server2.zip
Size: 211KB
Sample: 220809-zdh42afffp
MD5: 3af4cf3d8df4d35c9bb811aaa40e3e96
SHA1: 519a143633657a6e60767fa23171a005e4b4a9cd
SHA256: ab848665d099cb50c939e27c37c04c009f66e21af789a15d2b96765dca832502
SHA512: 30ac9c9ecebfe300077a1c0dba136b353f3955fa4c4922775bb77f7e7abac1da6580b1c10c05056d3388b9f77cee612631f240e7d545eaba11a58c61572c21b2
Static task: static1
Behavioral task: behavioral1 (Sample: Server2.ps1, Resource: win7-20220718-en)
Behavioral task: behavioral2 (Sample: Server2.ps1, Resource: win10v2004-20220721-en)
Malware Config
Extracted
Family: njrat
Version: 1.9
HacKed
Microsoft.Exe
reg_key: Microsoft.Exe
Targets
Target: Server2.ps1
Size: 612KB
MD5: 6bc00b50a62e3f2160b9edf1cb1cce8e
SHA1: 1381fac090dcc9a5635e3e0ae4c6693f726c4dd5
SHA256: 4ca62a1c904c5a12aac80ea69f09c4ba439a0eb786d23d384f76f42c32f0063c
SHA512: 571b564613e8c6f72a951cbcafa5e5caf9043cb7fffa97f474c80e2bb50f9db281cdd4608c0bcb1a64ce15723f82af78290e76fb9bd50eb36fce7126fe9d1479
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Modifies Windows Firewall
Registers COM server for autorun
Drops file in System32 directory
Suspicious use of SetThreadContext