hxxps://github[.]com/JumperYT-official/njRAT-Platinum-Edition-RuS

max time kernel
8s
max time network
55s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03-08-2023 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2536	1316	chrome.exe	28
PID 1316 wrote to memory of 2536	1316	chrome.exe	28
PID 1316 wrote to memory of 2536	1316	chrome.exe	28
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 856	1316	chrome.exe	30
PID 1316 wrote to memory of 2840	1316	chrome.exe	31
PID 1316 wrote to memory of 2840	1316	chrome.exe	31
PID 1316 wrote to memory of 2840	1316	chrome.exe	31
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32
PID 1316 wrote to memory of 2872	1316	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7009758,0x7fef7009768,0x7fef7009778
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:2
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1260,i,11558500655256278638,16575728621718547040,131072 /prefetch:8
  2⤵
  PID:2156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5ce2901092b73309b1dbc50d6c9f6cb3

SHA1
d1b37dfc614fb6e62c7d557a0c30b73f16cf8583

SHA256
19a1f372edc8b7c2085e95142200d94f39254751d0ef96d5661d0e661d7a6ca4

SHA512
a25d311e8864a9a00eda4bcc2b1b7c4897b37a34d8ed23ccef497b61a0e6dede7e1d4ee8c1b6c128da98fce750d7904a5a472715e26312cbc81ab59480d99789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BFC.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C0F.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit