Analysis

  • max time kernel
    213s
  • max time network
    268s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/01/2024, 12:24

General

  • Target

    100.exe

  • Size

    25KB

  • MD5

    23c4f8ea240f3902587b3da6b3c097af

  • SHA1

    71739a20c3a6830ba814abb0805976d8b83b4d2a

  • SHA256

    2bdba6391710b72526e5fae2069d571dfb608d27b2270fe90c5c6cb108cf04d9

  • SHA512

    dd94ce1b2a287091fea5bd2fde3cc37868ab69d252c98e327744c7165a6079cdce48e99bd48b0fb3d5540551711e03e46e95c2bcf7388e8a177a6eb871313bb3

  • SSDEEP

    384:sv3ZId+9pGU1UBuGcq91LKRQZZmeljFT5rIjku0/yfFZej1C74z+Hc:svpFbzsuGck1LUQye75obtMQS+8

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

5.251.209.159:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\100.exe
    "C:\Users\Admin\AppData\Local\Temp\100.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2052
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:5024
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3564

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\Desktop\DismountRead.wav

      Filesize

      462KB

      MD5

      28b9c07bb90034cf94c3fb14d6e6c2a4

      SHA1

      398d9b1e18ae55baab559fe50acd78ff991c42da

      SHA256

      ee3c989a9ce6179639cfdc69f8002647efb00c58b765af578eef4765fa3827f7

      SHA512

      bef1456f0828269cff246e1d695a3bad5e98d0833e057a9d2c0ddba48edf2cf311ca03ba3b3380fedd2dc1ed58b719fc37e005b3e0684e70cf294b4e5e5db497

    • C:\Users\Admin\Desktop\EnableConvertTo.css

      Filesize

      466KB

      MD5

      94a9d5f88b1e831788f55afef0673f12

      SHA1

      a12000090c63a0b32668fca5e54cf98ca7183e8f

      SHA256

      64962e1abee88b2d432f90355da3d7d68c1350eec6405d96cc986fe0dbf7d59a

      SHA512

      4a6a6a63959f5958ed3c4380b5d4a84bc10cf57c14639213f565e35fd122f6fe936b6dc33f9e4d03c8509b6911aaa937717df9ae87e04c0078643536bd2b00e4

    • C:\Users\Admin\Desktop\ExitClear.scf

      Filesize

      396KB

      MD5

      41dff783a81a826ea0ea9388e9cd63b5

      SHA1

      4d49000173ae2ba43b59b20969be396b5b0a6392

      SHA256

      fc1d6699a0507faaf8176f247dee451a4f4a60d764b0d5592b64a2faef4018ea

      SHA512

      6762c4425ae6ea8f11d33c4ff91601c3751a3cdcf57130f0fda073c9e3683876ba9c7806e8a58a4a29bac6e8e5081318932874db4f4e5777536c038625b6c224

    • C:\Users\Admin\Desktop\FormatSync.pub

      Filesize

      225KB

      MD5

      159e1c8f0873e10597c2d8645586e709

      SHA1

      679753d83a9206eb3ac5816fd102b0904ccbbbc6

      SHA256

      9c5c0177f893fb7a7e6e6459762fc74b4e5cbc865325e2075b5c205f453d7e59

      SHA512

      efeef872dbfcae38f2eeb049c28e547f998b1d20a2795673fa5d344870b65c5ba0b918641f8f1bdd0be4b7bb0d102485e76010253b733ee220ea97b0f08e47a8

    • C:\Users\Admin\Desktop\GrantUndo.wmv

      Filesize

      275KB

      MD5

      687efe93d05f6f630245fd2ca9411c64

      SHA1

      922024ac95f9b165103acac108cd1c3e464f8d6d

      SHA256

      92e98830e516160d3ed3baeb93fd067a08190faa61267650dd00e3608b6a0285

      SHA512

      04ec7c1e9bb44f767c9c24f4d20b19066619278ee28e59850fc9f8ff34d05f12b4fea897d08c947f0e7f9ac64efd368922deef19a9f5e9331be85875c93ccf05

    • C:\Users\Admin\Desktop\HideUnregister.svgz

      Filesize

      551KB

      MD5

      61b3ad6a4f85f2eeef5dc62ff293f96e

      SHA1

      be7cbcf0d147b181fd427767452ee5386719bf8d

      SHA256

      c2837f4c1999cf3a76c4f98a78c7a5415ad06372a6a055492ecc5955f597317a

      SHA512

      44f8fe42ee44df12a6b1e86c3571c4d3da0a03be6ab2d202dfe41704e85b1f677ef4aa2276f527661c1d34770c842bb6202ef6e8afce16dc8605bca17ceaf663

    • C:\Users\Admin\Desktop\InstallStep.docx

      Filesize

      550KB

      MD5

      8fbf4ed2180d2b5ee159038da41db7d3

      SHA1

      d58da290a0fd44a2cd226e2d018724995937ed9d

      SHA256

      10e6003aa78afb2a82fc2cb16e15c06f0f30f21e7d84e20de7231173c1a5623a

      SHA512

      56fd260f5ee8717301219a3a89d991cde7fc1f6bd778f4613f8ac2f2cf21e0ccb9781fea68eb3c81a8a7f22379a4a264fbf3f0a3cd2463d4d9e308b72d697226

    • C:\Users\Admin\Desktop\LockLimit.emz

      Filesize

      576KB

      MD5

      4d3c2e5f84e809e3762bd1f2d2a47afe

      SHA1

      6ea1f6f1eace5503caee15f8a19b694effa3725d

      SHA256

      f7a749a5f91038329ba92ca6e446d15e419b028f1336ba951ddaa3e9fc6d076c

      SHA512

      bdb030062980748b1b3db0629afde254b5b3f80d151965e272e322a97da5c2bc1157701423e6696e6b7f7bd343612999bd63c43de0121e500e1a2815eb891667

    • C:\Users\Admin\Desktop\ProtectUpdate.png

      Filesize

      445KB

      MD5

      d5a09cf1e72e23e185c7c86b8bf2d36a

      SHA1

      c7cdd8c216a5558fe3a9779d7d23424883e68735

      SHA256

      3d1243d6effbaa8c9ba95b3f4a7dd78466c667585336cbb924f0f540f4bef378

      SHA512

      daa111bd7db3616778e8d01c8d21657a73c72c8c25d42321652b29723b377d57db1e287a5405645adec8dad525bc687661877dac6b260bf6108c4928e9a8f435

    • C:\Users\Admin\Desktop\ReadOptimize.wav

      Filesize

      322KB

      MD5

      85863e79e5ddee65011b654b0eaf5583

      SHA1

      6723648a69fbb99a01cf07fdc98d84c7e6a7406a

      SHA256

      5bbf57eda30218bbfd0e22a9ae70fe56aca7560c6ebc64d7cffafcb3f12d0c1a

      SHA512

      33ac71e12d24d5dfdac40ced590cb8f9de3b94146b774ae891e46f09a74d82090e9e7c2aea0847ee454e1d75b3a0a87fa295284e52f00d7de33da4c1aec6d1a5

    • C:\Users\Admin\Desktop\RequestConvert.ogg

      Filesize

      415KB

      MD5

      366c35a97be2aee1e715a0669913bf78

      SHA1

      49f332559b92461002b88241321609d0cf7bee36

      SHA256

      f3d623c7767c3d7d187609f16668fe8b1029b26d69bc8e73d18c55f5661acd40

      SHA512

      a0d62aecb6ae051ec872cdd7e4fb678e27a31e13217ebb19305b398d0cb630a6c544e7bc0c85d468da4bf114d34e618d7542fa10c2e5333e78e35820c896babd

    • C:\Users\Admin\Desktop\RestartSave.wvx

      Filesize

      471KB

      MD5

      0ad6ab46b12270956661458b3e3c61ab

      SHA1

      777673f00e3f0fffa1651f0d76c4a22aa2ab37ce

      SHA256

      cf2c5a38494de11d23653103c0a82a8e2286abb29fa73689cdc006b768eb6fd9

      SHA512

      194df6028cefa2eba7842503fab044a77534c17c542accddb87d35a1b810173caf92923c79888e7a4b2c82627959f2eb14ba27eb7e64faca8335044b9b7b5966

    • C:\Users\Admin\Desktop\ResumeOut.mid

      Filesize

      307KB

      MD5

      bb452480fbecfa29bdad4398fb3f3216

      SHA1

      bc3bf38cf80b5422ea5ab00481f81c6d2fb1c100

      SHA256

      2484bac1b2537f9e46437be9a3bbd11ee3204d2eee76002cd2b5dab8286b5207

      SHA512

      899693c0053fdd935773da8412518457fb1d9a2fa1778da37478afa2a4b8d8bd7815681a6232138fa68b53ccbf9127a2f6d2d7ceafbe8ff5ad174dc0c0f8108c

    • C:\Users\Admin\Desktop\SearchUninstall.ram

      Filesize

      425KB

      MD5

      7343d462986aad2378d645cb912bfe06

      SHA1

      0034d3e9098a727417f4434fd41d1ae3e4358e6e

      SHA256

      08e938bac8c5aeabf39e523a6b3e8a8b810a0acbb678be9b9a75d80033fbc2c5

      SHA512

      841159e2e89e90938a588d7d08e06d3b60f7101325170c51a0fd87c937ec5415c5f3eafe5edc0724ccfd51b4f3dc972f128fa25c1e76603f9512522687bd3561

    • C:\Users\Admin\Desktop\SelectMeasure.vstx

      Filesize

      335KB

      MD5

      40316117e6c3dddc2dc900ffa61ae1e8

      SHA1

      599f2b47e168f7743faa7d10dd80ca7efb4f5085

      SHA256

      4e690ad86bb428122133f91264cd7ef9a41eb34b52c7bd2e0e47aeb580be6556

      SHA512

      23e3265e72f0fa8d415765da3f528883cfc61d4bb25bf8afdb25db49749e43fcabfdf5721c5878e0437116b4e01079f3c84bf05fc88b174d5841696059548fa9

    • C:\Users\Admin\Desktop\StartSuspend.scf

      Filesize

      360KB

      MD5

      961a42f42359c2dffc2ce9c96a35aa12

      SHA1

      9112c4b02cc9d3433f2233f8ae64eb938b1cf6aa

      SHA256

      5e176a236a911e3ac730d3c65011a32476a64754906bb5830cd0109c43bcd92d

      SHA512

      a52402c205cb3c03c0ef044b8687020a86eec95d1620d659d1cc6fa3cc294e55a51eb0e256ea82cde10f6ffd48021cc14503ec0fb69c597761aafc0a00b87f23

    • C:\Users\Admin\Desktop\SyncApprove.cr2

      Filesize

      323KB

      MD5

      d69ec48f32cb34de1ef0b95768bfb1e6

      SHA1

      573e84a24774e84ed80541cfae0503114dcdb3eb

      SHA256

      0a54903b2250b264a48b0f78f5e1377ae1c2aaaa6e9a5b06f7d788b4b66b406f

      SHA512

      30bf6ef9eeea0573902ff30505d8a815f66a426e405b3b13a26147f8a6ef26c2c5187d1fdb4928ff678d91ffb8c67fc1d2432a5f83d85edaa536f2fce40a7449

    • C:\Users\Admin\Desktop\UnlockPublish.vdw

      Filesize

      239KB

      MD5

      00f6af75005b6e69e61b3f4ee9fd3d8b

      SHA1

      2a57073c4ce7f33e17213b9f3c1c1ab0a766c276

      SHA256

      fa5a870e0d3c577d07f2eee67872edcb4d2587de0cf9788aa59d8ffd3509291b

      SHA512

      558f972eb8fb79aeb0815f1fcc95c2f6b74df71177d05847299fd5c10e10cbf1b1cee2bde048c624e5788dd58b3b15c46a6e3989eecc7291331c6edb2b2ba21d

    • C:\Users\Admin\Desktop\UnpublishGroup.jpg

      Filesize

      428KB

      MD5

      f5103ac5ed2a16e2e3ca15b2252b1a33

      SHA1

      e8b3d873be072de29954dca0f2d0bdfdd72f8938

      SHA256

      8d2f248a4b19500d7f5d09854e1ba35b2e776deea43f8c4a229bcee1797598b0

      SHA512

      c750bdfa4c99788729d418b169ce5aba0f8115f835b0d6e2bb32f5ef21512282f090ece969c5619e23f90ab0dfb17c74c8101a0418583850adbf626c996b5e4d

    • C:\Users\Admin\Desktop\WriteOut.search-ms

      Filesize

      381KB

      MD5

      898eff15f6cb64552a0d8e7739f2ced2

      SHA1

      129c238435f73cf82ca85505207ebaa6a4b6c815

      SHA256

      525842177b56d680b578c1814d43ea9b7b0d3721094baf2c2bedbaa67a3045f6

      SHA512

      49c5c8a8e186bdb3f6c1be5ce1f7c79532a305dd9a3fc093ddd55b0e7b8ca2b85e180ab3e652fc80cd3ad1c977842e38897ad4171b1f2687f2484b87ec824465

    • memory/2052-0-0x0000000000180000-0x0000000000188000-memory.dmp

      Filesize

      32KB

    • memory/2052-7-0x00007FF9A7290000-0x00007FF9A7D51000-memory.dmp

      Filesize

      10.8MB

    • memory/2052-3-0x0000000002300000-0x0000000002310000-memory.dmp

      Filesize

      64KB

    • memory/2052-2-0x00007FF9A7290000-0x00007FF9A7D51000-memory.dmp

      Filesize

      10.8MB

    • memory/2052-1-0x0000000000930000-0x0000000000942000-memory.dmp

      Filesize

      72KB