Resubmissions
13/08/2023, 13:43  230813-q1pqnacg82  1
13/08/2023, 12:39  230813-pv3vnaec2s  8
13/08/2023, 12:30  230813-ppx28aeb2v  10
03/08/2023, 21:26  230803-1af1yagb76  8
03/08/2023, 21:09  230803-zzwx1shc9w  8
03/08/2023, 21:06  230803-zx1heshc8z  1
03/08/2023, 12:27  230803-pmqkcsdb83  10
03/08/2023, 12:22  230803-pjznvsed3y  10
01/08/2023, 14:17  230801-rlneqahd3s  8
Analysis
max time kernel: 56s
max time network: 58s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/08/2023, 13:43
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
Resource: win10v2004-20230703-en
General
Target: https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
description     | ioc                                                                                                     | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133364078532283731" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  | Process
1412 | chrome.exe
1412 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid  | Process
1412 | chrome.exe
1412 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       | pid  | Process
Token: SeShutdownPrivilege        | 1412 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1412 | chrome.exe
(the two rows above alternate for all 64 IoCs, all from PID 1412 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid  | Process
1412 | chrome.exe
(this row is repeated for all 26 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process
1412 | chrome.exe
(this row is repeated for all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       | pid  | Process    | procid_target
PID 1412 wrote to memory of 4812  | 1412 | chrome.exe | 82
PID 1412 wrote to memory of 4416  | 1412 | chrome.exe | 84
PID 1412 wrote to memory of 2524  | 1412 | chrome.exe | 86
PID 1412 wrote to memory of 4768  | 1412 | chrome.exe | 85
(64 IoCs in total: the rows for 4812 and 2524 appear twice each; the remaining entries repeat the rows for 4416 and 4768)
Processes
chrome.exe  PID:1412
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
  signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  child processes:
    chrome.exe  PID:4812
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3c499758,0x7ffc3c499768,0x7ffc3c499778
    chrome.exe  PID:4416
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:2
    chrome.exe  PID:4768
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:8
    chrome.exe  PID:2524
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:8
    chrome.exe  PID:1612
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:1
    chrome.exe  PID:4704
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:1
    chrome.exe  PID:2948
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:8
    chrome.exe  PID:1220
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1860,i,3269576260990176258,6191696388844495410,131072 /prefetch:8
elevation_service.exe  PID:2192
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads