hxxps://github[.]com/JumperYT-official/njRAT-Platinum-Edition-RuS

max time kernel
237s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355706122567595"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
236	chrome.exe
236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 3636	236	chrome.exe	57
PID 236 wrote to memory of 3636	236	chrome.exe	57
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 4864	236	chrome.exe	82
PID 236 wrote to memory of 1896	236	chrome.exe	83
PID 236 wrote to memory of 1896	236	chrome.exe	83
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84
PID 236 wrote to memory of 4440	236	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c63f9758,0x7ff9c63f9768,0x7ff9c63f9778
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2416 --field-trial-handle=1664,i,8209500069557624696,7529783111887407448,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
95f870e5e984afda43e97f24e9b9dbb5

SHA1
dc6bfec8fff71fb2a91c52c7b6fc4ded3798dd13

SHA256
0fd904d17d7a83f382f73e21f6c8c8fad6e1842f75cc67a6ebcd23282b0c3091

SHA512
1dcfdba3d28136e9f3f2499800a63421fb6db2f490f10e057864ad99fbff92ac3fad05e02c9a89c754344ccdc40fbf985fe49e9df6fdd9bf213a5b260b5d85fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
da23463cf4223034da49fa8c34002417

SHA1
06ebf58c1ebd2558afc59340ca13c129bd97149b

SHA256
254a9b9fa5aeec2a6581405e71721f2f143d5923b7587e17e80d022ba478b705

SHA512
a5b642eea087b751876ca594d29bc9799f0ce509f8c376f8384a75a3c93321f5dcfe667fbae734350568d4708365d63c59edecb38fedb63bb0c211a170871dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70c4ebfb7951e18af824758fceed2cf9

SHA1
326fd63d1aea8d79fb5c49990f3bd5f8bd708dba

SHA256
4546a11b779885b28c781987e94817ec07cf2ce33bea3782c5079436c3ab27e5

SHA512
e8bda264d5f8ddbb9d5a300e0c315ccc15f41595d424ac7bdb0e371f70679dd4c0d380288a95d5484fdaf2365666e6ae274bb4e249dfc977c5cad2f9a7b205f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b2cf28aaef9fe67c9a4343a8d16d9b8

SHA1
735cd592608defa8a8e6aa0b2cb8452ab442ca86

SHA256
a8ce811962884b35bee95db2b63bc8b414c93b5b141d7f10d53732806b7b2fff

SHA512
12872baff406de8e18903b1e8da07f39f234a7444d7c4b50d12f42bd8e3276e060f46dd5028fe08a5dfc8d7f94db70bb91feeebf469dd0387dd32447476bdb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f12f9be935eaf442e925c7a789cdbba

SHA1
71d76595c9c6bbb977993db0804543bb8a0518a5

SHA256
d9064c23e0af99e9752f965c7e0cf93259ee41a2ab9edf8c8c188dad82259738

SHA512
62c9b7999a4a691290fe27c06f61a0532acfafc6804c30af87c7b4bd022ea64fa252e044fe4ef06afcf6e292fd4bef036da6bace433f425da08439937942ecda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
534d71ab78eb7474248e575982c65fe6

SHA1
e3c95e5bce420908ab2357f2ea4e74a7102877d3

SHA256
f5e3e608bf7f29434250f42becfc8b43107e8b3f73474f4108a982f19925e4cd

SHA512
b21631aa7e9158f9de136c5a2acbfc4cc7fdbd24c197bcd6d1209630575b621f4b9d829b87b1b69506884e9ba98104015a1809900f4a1414a2c19b5b42a2c200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
2738e5f3af7ee53eef8901a791f11b6a

SHA1
61977b220bd1a7253a181aa96dc31185473847f0

SHA256
820c2c04655c09e5a336298d40040b14fea36f83b0f8c3df9f82c19d7f59e7f4

SHA512
64781a5288d409a6414ee2bfc067202ed7c7dc5a84acd982f36a40d016b01bb22a0a2e8a38784860e1ebdb0c391df947411c8e97977a221e0f6a37ebf5a4b85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit