Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
07-09-2022 11:36
Behavioral task
behavioral1
Sample
j1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
j1.exe
Resource
win10v2004-20220901-en
General
-
Target
j1.exe
-
Size
68KB
-
MD5
0816e820c5380f3690a605ed21e16680
-
SHA1
4240d81fb389f59a8e245ee4a2d2dba9b02023d4
-
SHA256
44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3
-
SHA512
bb7d23cbfe7ce094d6e80e29d0915aa4a9c612471313e1c838bd7e57cec66a5c7c33f1846e3d80726db1c4583838d73b9b10e72f1e97320423b0af89ceeb5812
-
SSDEEP
768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMI6V:BHJaAoHoc2x7bZoYBAcQlwJdM2
Malware Config
Signatures
-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
RunningRat payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3124-132-0x0000000010000000-0x000000001000F000-memory.dmp family_runningrat -
Loads dropped DLL 2 IoCs
Processes:
j1.exepid process 3124 j1.exe 3124 j1.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD50c600b671d8eac26cada2cd5c53cddbc
SHA1e9b1161ceaeee1916959f6124678410b354e084c
SHA25678f5370bb0e20e6e4357e6cddc9a67d4cba5a1be7af815a93607adf7b694bc57
SHA512a08c5eced15ccb6c0825c3bef872c3135d2e472877c55f28d0df36b2f9862ebaae8431588cb393341b87c3ad1e64eea0783abdcb58d06400bf1e27d352766f9c
-
Filesize
37KB
MD50c600b671d8eac26cada2cd5c53cddbc
SHA1e9b1161ceaeee1916959f6124678410b354e084c
SHA25678f5370bb0e20e6e4357e6cddc9a67d4cba5a1be7af815a93607adf7b694bc57
SHA512a08c5eced15ccb6c0825c3bef872c3135d2e472877c55f28d0df36b2f9862ebaae8431588cb393341b87c3ad1e64eea0783abdcb58d06400bf1e27d352766f9c