Malware Analysis Report

2024-10-24 17:03

Sample ID 220907-nqlj5shben
Target j1.exe
SHA256 44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3
Tags
runningrat rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3

Threat Level: Known bad

The file j1.exe was found to be: Known bad.

Malicious Activity Summary

runningrat rat

RunningRat payload

Runningrat family

RunningRat

Loads dropped DLL

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-09-07 11:36

Signatures

RunningRat payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Runningrat family

runningrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-07 11:36

Reported

2022-09-07 11:38

Platform

win7-20220812-en

Max time kernel

146s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\j1.exe"

Signatures

RunningRat

rat runningrat

RunningRat payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped DLL

Description  Indicator  Process                                   Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\j1.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\j1.exe

"C:\Users\Admin\AppData\Local\Temp\j1.exe"

Network

Country  Destination       Domain            Proto
US       8.8.8.8:53        wuxi.tanxinyu.cn  udp
HK       20.239.56.69:520  wuxi.tanxinyu.cn  tcp
HK       20.239.56.69:520  wuxi.tanxinyu.cn  tcp

Files

memory/1752-54-0x0000000010000000-0x000000001000F000-memory.dmp

\Users\Admin\AppData\Local\Temp\7080448.dll

MD5 fda4011b1bc36314ff6f009a182786fc
SHA1 f68da7d7f76292b38fe8da630428d783e49bed57
SHA256 a27e8cb44c016c70bc8e89d5536f212f4b988414360576e3d926355af4923e59
SHA512 b51eba880ad265458ad0fb9a4307f0ce4710d397c203832bb571f0e45bc4fcabf7664760e8957fcfe969bbaf8a7c7806f7fccc5ccb8bd492154a71f78f158da7

memory/1752-58-0x0000000076261000-0x0000000076263000-memory.dmp

memory/1752-60-0x0000000000350000-0x000000000035D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-09-07 11:36

Reported

2022-09-07 11:38

Platform

win10v2004-20220901-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\j1.exe"

Signatures

RunningRat

rat runningrat

RunningRat payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped DLL

Description  Indicator  Process                                   Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\j1.exe  N/A
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\j1.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\j1.exe

"C:\Users\Admin\AppData\Local\Temp\j1.exe"

Network

Country  Destination       Domain            Proto
US       209.197.3.8:80                      tcp
US       8.8.8.8:53        wuxi.tanxinyu.cn  udp
HK       20.239.56.69:520  wuxi.tanxinyu.cn  tcp
FR       2.18.109.224:443                    tcp
US       209.197.3.8:80                      tcp
US       209.197.3.8:80                      tcp
HK       20.239.56.69:520  wuxi.tanxinyu.cn  tcp

Files

memory/3124-132-0x0000000010000000-0x000000001000F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\240562484.dll

MD5 0c600b671d8eac26cada2cd5c53cddbc
SHA1 e9b1161ceaeee1916959f6124678410b354e084c
SHA256 78f5370bb0e20e6e4357e6cddc9a67d4cba5a1be7af815a93607adf7b694bc57
SHA512 a08c5eced15ccb6c0825c3bef872c3135d2e472877c55f28d0df36b2f9862ebaae8431588cb393341b87c3ad1e64eea0783abdcb58d06400bf1e27d352766f9c

memory/3124-138-0x0000000000480000-0x000000000048D000-memory.dmp
