d9a826109c0b31043a6a74cbd1e15d1cb0c9138c9a8a823d6595eb6989f47dc9 | Triage

Analysis

max time kernel
134s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 23:49

Sharing

Report Analysis Logs

General

Target

njRAT 0.7d Horror Edition/Plugin/cam.dll
Size

99KB
MD5

8ce3060686462fc72ece2701caa13e3b
SHA1

19fc9892200de4db332ddd0c14b4b6fd9a35ccd4
SHA256

881d5afb9aa4799c73e75dcd28587dba85dd844e4137287ea48c6b66525e2638
SHA512

ef38e00b054240a0d4747bfd79db860015ed027735c360de58af6889a69482109ccf74770608a2750542457ac38aa79367431ff6ca77fae44d7e3a7023f33a17
SSDEEP

3072:31IL2SeOPGmBUMqtZabredepzZxgUPWeJP3:w2Sm/MqueepzZxgQW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1736	5012	rundll32.exe	86
PID 5012 wrote to memory of 1736	5012	rundll32.exe	86
PID 5012 wrote to memory of 1736	5012	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\njRAT 0.7d Horror Edition\Plugin\cam.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\njRAT 0.7d Horror Edition\Plugin\cam.dll",#1
  2⤵
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads