Analysis Overview
SHA256
44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3
Threat Level: Known bad
The file j1.exe was found to be: Known bad.
Malicious Activity Summary
RunningRat payload
Runningrat family
RunningRat
Loads dropped DLL
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-07 11:36
Signatures
RunningRat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Runningrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-07 11:36
Reported
2022-09-07 11:38
Platform
win7-20220812-en
Max time kernel
146s
Max time network
155s
Command Line
Signatures
RunningRat
RunningRat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\j1.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\j1.exe
"C:\Users\Admin\AppData\Local\Temp\j1.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wuxi.tanxinyu.cn | udp |
| HK | 20.239.56.69:520 | wuxi.tanxinyu.cn | tcp |
| HK | 20.239.56.69:520 | wuxi.tanxinyu.cn | tcp |
Files
memory/1752-54-0x0000000010000000-0x000000001000F000-memory.dmp
\Users\Admin\AppData\Local\Temp\7080448.dll
| MD5 | fda4011b1bc36314ff6f009a182786fc |
| SHA1 | f68da7d7f76292b38fe8da630428d783e49bed57 |
| SHA256 | a27e8cb44c016c70bc8e89d5536f212f4b988414360576e3d926355af4923e59 |
| SHA512 | b51eba880ad265458ad0fb9a4307f0ce4710d397c203832bb571f0e45bc4fcabf7664760e8957fcfe969bbaf8a7c7806f7fccc5ccb8bd492154a71f78f158da7 |
memory/1752-58-0x0000000076261000-0x0000000076263000-memory.dmp
memory/1752-60-0x0000000000350000-0x000000000035D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-07 11:36
Reported
2022-09-07 11:38
Platform
win10v2004-20220901-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
RunningRat
RunningRat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\j1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\j1.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\j1.exe
"C:\Users\Admin\AppData\Local\Temp\j1.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 209.197.3.8:80 | | tcp |
| US | 8.8.8.8:53 | wuxi.tanxinyu.cn | udp |
| HK | 20.239.56.69:520 | wuxi.tanxinyu.cn | tcp |
| FR | 2.18.109.224:443 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| HK | 20.239.56.69:520 | wuxi.tanxinyu.cn | tcp |
Files
memory/3124-132-0x0000000010000000-0x000000001000F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\240562484.dll
| MD5 | 0c600b671d8eac26cada2cd5c53cddbc |
| SHA1 | e9b1161ceaeee1916959f6124678410b354e084c |
| SHA256 | 78f5370bb0e20e6e4357e6cddc9a67d4cba5a1be7af815a93607adf7b694bc57 |
| SHA512 | a08c5eced15ccb6c0825c3bef872c3135d2e472877c55f28d0df36b2f9862ebaae8431588cb393341b87c3ad1e64eea0783abdcb58d06400bf1e27d352766f9c |
memory/3124-138-0x0000000000480000-0x000000000048D000-memory.dmp