Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-08-2022 20:35

General

  • Target

    j1.exe

  • Size

    68KB

  • MD5

    0816e820c5380f3690a605ed21e16680

  • SHA1

    4240d81fb389f59a8e245ee4a2d2dba9b02023d4

  • SHA256

    44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3

  • SHA512

    bb7d23cbfe7ce094d6e80e29d0915aa4a9c612471313e1c838bd7e57cec66a5c7c33f1846e3d80726db1c4583838d73b9b10e72f1e97320423b0af89ceeb5812

Score
10/10

Signatures

  • RunningRat

    RunningRat is a remote access trojan first seen in 2018.

  • RunningRat payload (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\j1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\j1.exe"
    PID: 4860
    • Loads dropped DLL
    • Checks processor information in registry

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\240545546.dll

    Filesize

    37KB

    MD5

    4ae6358f0925de54dc99473ea6c25b69

    SHA1

    c422ba6cab67a1c17b9d7bc86e5823b82c635e5e

    SHA256

    5353709baadace594247c5cb5b37d1d5113dcc89594e205db91f1a2854bb540b

    SHA512

    a57b393df7768eb0ed0be9e13d5bcc721fad657dcc091c4d16c8b4958e46283d7b92d3a5ae235214f8bb40939526198e9a2c2540ba67c7ef05a8ebc844d987e0

  • memory/4860-132-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

  • memory/4860-138-0x00000000005E0000-0x00000000005ED000-memory.dmp

    Filesize

    52KB