Analysis

  • max time kernel
    46s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2022 20:35

General

  • Target

    j1.exe

  • Size

    68KB

  • MD5

    0816e820c5380f3690a605ed21e16680

  • SHA1

    4240d81fb389f59a8e245ee4a2d2dba9b02023d4

  • SHA256

    44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3

  • SHA512

    bb7d23cbfe7ce094d6e80e29d0915aa4a9c612471313e1c838bd7e57cec66a5c7c33f1846e3d80726db1c4583838d73b9b10e72f1e97320423b0af89ceeb5812

Score
10/10

Malware Config

Signatures

  • RunningRat

    RunningRat is a remote access trojan first seen in 2018.

  • RunningRat payload 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\j1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\j1.exe"
    • Loads dropped DLL
    • Checks processor information in registry
    PID: 2012

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\7085019.dll

    Filesize

    37KB

    MD5

    bcee601174e502b890d9885c17821fed

    SHA1

    1307067751e0dffae6e730ffde136ce7e2215069

    SHA256

    1bddfa0f321a0603ffca9e642e8984f050591b18041645a9e68df657f2d63624

    SHA512

    3b9b0a4c9e13452f5e2d708db5d652524b01ca4222ba0b09d938637f14acb9f9f78892b1ce152d893e1bba47abb393f65cfb303c0594ea8dfd2edf05d952a537

  • memory/2012-54-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

  • memory/2012-58-0x00000000765F1000-0x00000000765F3000-memory.dmp

    Filesize

    8KB

  • memory/2012-60-0x00000000002D0000-0x00000000002DD000-memory.dmp

    Filesize

    52KB