hxxps://github[.]com/JumperYT-official/njRAT-Platinum-Edition-RuS

max time kernel
175s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355704139201656"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
648	chrome.exe
648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 3792	648	chrome.exe	36
PID 648 wrote to memory of 3792	648	chrome.exe	36
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 4212	648	chrome.exe	89
PID 648 wrote to memory of 856	648	chrome.exe	88
PID 648 wrote to memory of 856	648	chrome.exe	88
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90
PID 648 wrote to memory of 1996	648	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea0f59758,0x7ffea0f59768,0x7ffea0f59778
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:2
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1880,i,5506505161780873193,9278061216361496529,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f942f8ae663f0375e7b7413f55bb835e

SHA1
76b1755030b68086150afb363000ebeb3baf4bf6

SHA256
01c5935d4f2af690e707429ce27ad7c26b309f7d471ef6e5a34df7a1ce05646f

SHA512
0139c85153153193735199c7151b5b47375b2a0e0a4a3c8cda2bd8916e143c0466c18913c9388e06f64ecadd8405ab2dc7cc01b7d5a4416837682414f20d6d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\76f967b8-36d3-4470-8474-3b8ba9e0f71f.tmp

Filesize
1KB

MD5
507e216c8c38bd4b9766aa918039da47

SHA1
4b13685c5bd264a1cce661b476a10738ed64ad5a

SHA256
fc919e7a80df929503f58e94a6011aa5d79cbfc8b9a867d71b0654abb6a49f9f

SHA512
aef76d14257b01ea57b847985ac997ca3f86b1715b34a640ae1f6dd6a24ed515c7e74f6d0aafeeccec493d4f9f635d646a9e716cc1289cb6806e816b8c0d56c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d8aa160515af08840c8d2744c810f6f

SHA1
883f28e6781b4dff6aa7b1721757632c50a36af2

SHA256
270dd99c9bad09356d26af80b24752b046343dece9b3dad1bc69072c40250c1a

SHA512
9f446a32565e826b983814c54847ef4a722b63edf2d518ec1321839e06043d60b4a19016a54d0a8b2755b9b70e4edafcea30453be8304b9741473f3f25f11a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15856e464009f0e07679c1ac143b5474

SHA1
702e1260043a5c722f219147f428f478cf2097a1

SHA256
3628e3df79ee012dfe29bd0f918c2fcfca50fd062f590b7e9edc2bf78fdf8157

SHA512
2754034660720474657d637f4e94cde1a8d191c7cf5d6d650868b66e57928fe6e1199e0eee2e4b10307b9b0058663298144932fe8ea29b40edf2a202393ca344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e922e91767237d1a6e6c7f3ed827893b

SHA1
11fc0d4e2814b3d4b74f4bc68bc89fc0089f48f9

SHA256
d6333ec5c950f79ef69b2ea367809198572761b4c8f3dfdf2ef5846c5133865c

SHA512
38a92dc648647fbc2555e57b3d7cd5a6c5c5713b4d74a272dee64cf14600a9f93d764391eefc9f6344ed1b7913dc4eb5d1d4cb6a39ab23a4552509446e17a674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit