Analysis
-
max time kernel
46s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
20-08-2022 20:35
Behavioral task
behavioral1
Sample
j1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
j1.exe
Resource
win10v2004-20220812-en
General
-
Target
j1.exe
-
Size
68KB
-
MD5
0816e820c5380f3690a605ed21e16680
-
SHA1
4240d81fb389f59a8e245ee4a2d2dba9b02023d4
-
SHA256
44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3
-
SHA512
bb7d23cbfe7ce094d6e80e29d0915aa4a9c612471313e1c838bd7e57cec66a5c7c33f1846e3d80726db1c4583838d73b9b10e72f1e97320423b0af89ceeb5812
Malware Config
Signatures
-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
RunningRat payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2012-54-0x0000000010000000-0x000000001000F000-memory.dmp family_runningrat -
Loads dropped DLL 1 IoCs
Processes:
j1.exepid process 2012 j1.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
j1.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz j1.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 j1.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD5bcee601174e502b890d9885c17821fed
SHA11307067751e0dffae6e730ffde136ce7e2215069
SHA2561bddfa0f321a0603ffca9e642e8984f050591b18041645a9e68df657f2d63624
SHA5123b9b0a4c9e13452f5e2d708db5d652524b01ca4222ba0b09d938637f14acb9f9f78892b1ce152d893e1bba47abb393f65cfb303c0594ea8dfd2edf05d952a537