Overview

overview

10

Static

static

10

Plugin/cam.dll

windows7-x64

1

Plugin/cam.dll

windows10-2004-x64

1

Plugin/ch.dll

windows7-x64

1

Plugin/ch.dll

windows10-2004-x64

1

Plugin/mic.dll

windows7-x64

1

Plugin/mic.dll

windows10-2004-x64

1

Plugin/plg.dll

windows7-x64

1

Plugin/plg.dll

windows10-2004-x64

1

Plugin/pw.dll

windows7-x64

1

Plugin/pw.dll

windows10-2004-x64

1

Plugin/sc2.dll

windows7-x64

1

Plugin/sc2.dll

windows10-2004-x64

1

Stub.xml

windows7-x64

1

Stub.xml

windows10-2004-x64

1

WinMM.Net.dll

windows7-x64

1

WinMM.Net.dll

windows10-2004-x64

1

njRAT v0.7d.exe

windows7-x64

10

njRAT v0.7d.exe

windows10-2004-x64

10

stub.ps1

windows7-x64

1

stub.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stub.ps1

  • Size

    228KB

  • MD5

    2041e64bffccfbc9379235fdf294f188

  • SHA1

    19c1fd78e8f36493e2a9b1c0e437afc2416586f8

  • SHA256

    daa4362a762a472f717a480102883382b41dc5c17484f649272c5bdb5142917c

  • SHA512

    c5d5be4615767483432287d3486e805d6744d45a5eac6445cef87ce1e8475bcdbb521dcd8d1c7918d8d73d6634617842b67290bc4fb734a4ab31dfe7daaaec13

  • SSDEEP

    6144:AdCb38V4N80EC7PAdpJZrLZ9u4zDdyxGu8VnNQUC:AdCb38V4N80EC7PAdzZrLZ9u4zDdyxGG

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\stub.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1728-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1728-55-0x000007FEF33F0000-0x000007FEF3E13000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1728-57-0x0000000002584000-0x0000000002587000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1728-56-0x000007FEF2890000-0x000007FEF33ED000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1728-58-0x000000000258B000-0x00000000025AA000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1728-59-0x0000000002584000-0x0000000002587000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1728-60-0x000000000258B000-0x00000000025AA000-memory.dmp
    Filesize

    124KB

    Download