Analysis
- max time kernel: 213s
- max time network: 268s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/01/2024, 12:24
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 100.exe
  - Resource: win7-20231215-en
General
- Target: 100.exe
- Size: 25KB
- MD5: 23c4f8ea240f3902587b3da6b3c097af
- SHA1: 71739a20c3a6830ba814abb0805976d8b83b4d2a
- SHA256: 2bdba6391710b72526e5fae2069d571dfb608d27b2270fe90c5c6cb108cf04d9
- SHA512: dd94ce1b2a287091fea5bd2fde3cc37868ab69d252c98e327744c7165a6079cdce48e99bd48b0fb3d5540551711e03e46e95c2bcf7388e8a177a6eb871313bb3
- SSDEEP: 384:sv3ZId+9pGU1UBuGcq91LKRQZZmeljFT5rIjku0/yfFZej1C74z+Hc:svpFbzsuGck1LUQye75obtMQS+8
Malware Config
Extracted
- Family: njrat
- Njrat 0.7 Golden By Hassan Amiri
- HacKed
- C2: 5.251.209.159:5552
- Windows Update
- reg_key: Windows Update
- splitter: |Hassan|
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description: Key created / ioc: \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings / process: OpenWith.exe
  description: Key created / ioc: \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings / process: 100.exe
- Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  pid 2052 / process 100.exe
  pid 5024 / process OpenWith.exe
- Suspicious use of SetWindowsHookEx (29 IoCs)
  pid 5024 / process OpenWith.exe (29 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\100.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\100.exe"
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID: 2052
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 5024
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 3564
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 462KB
  MD5: 28b9c07bb90034cf94c3fb14d6e6c2a4
  SHA1: 398d9b1e18ae55baab559fe50acd78ff991c42da
  SHA256: ee3c989a9ce6179639cfdc69f8002647efb00c58b765af578eef4765fa3827f7
  SHA512: bef1456f0828269cff246e1d695a3bad5e98d0833e057a9d2c0ddba48edf2cf311ca03ba3b3380fedd2dc1ed58b719fc37e005b3e0684e70cf294b4e5e5db497
- Filesize: 466KB
  MD5: 94a9d5f88b1e831788f55afef0673f12
  SHA1: a12000090c63a0b32668fca5e54cf98ca7183e8f
  SHA256: 64962e1abee88b2d432f90355da3d7d68c1350eec6405d96cc986fe0dbf7d59a
  SHA512: 4a6a6a63959f5958ed3c4380b5d4a84bc10cf57c14639213f565e35fd122f6fe936b6dc33f9e4d03c8509b6911aaa937717df9ae87e04c0078643536bd2b00e4
- Filesize: 396KB
  MD5: 41dff783a81a826ea0ea9388e9cd63b5
  SHA1: 4d49000173ae2ba43b59b20969be396b5b0a6392
  SHA256: fc1d6699a0507faaf8176f247dee451a4f4a60d764b0d5592b64a2faef4018ea
  SHA512: 6762c4425ae6ea8f11d33c4ff91601c3751a3cdcf57130f0fda073c9e3683876ba9c7806e8a58a4a29bac6e8e5081318932874db4f4e5777536c038625b6c224
- Filesize: 225KB
  MD5: 159e1c8f0873e10597c2d8645586e709
  SHA1: 679753d83a9206eb3ac5816fd102b0904ccbbbc6
  SHA256: 9c5c0177f893fb7a7e6e6459762fc74b4e5cbc865325e2075b5c205f453d7e59
  SHA512: efeef872dbfcae38f2eeb049c28e547f998b1d20a2795673fa5d344870b65c5ba0b918641f8f1bdd0be4b7bb0d102485e76010253b733ee220ea97b0f08e47a8
- Filesize: 275KB
  MD5: 687efe93d05f6f630245fd2ca9411c64
  SHA1: 922024ac95f9b165103acac108cd1c3e464f8d6d
  SHA256: 92e98830e516160d3ed3baeb93fd067a08190faa61267650dd00e3608b6a0285
  SHA512: 04ec7c1e9bb44f767c9c24f4d20b19066619278ee28e59850fc9f8ff34d05f12b4fea897d08c947f0e7f9ac64efd368922deef19a9f5e9331be85875c93ccf05
- Filesize: 551KB
  MD5: 61b3ad6a4f85f2eeef5dc62ff293f96e
  SHA1: be7cbcf0d147b181fd427767452ee5386719bf8d
  SHA256: c2837f4c1999cf3a76c4f98a78c7a5415ad06372a6a055492ecc5955f597317a
  SHA512: 44f8fe42ee44df12a6b1e86c3571c4d3da0a03be6ab2d202dfe41704e85b1f677ef4aa2276f527661c1d34770c842bb6202ef6e8afce16dc8605bca17ceaf663
- Filesize: 550KB
  MD5: 8fbf4ed2180d2b5ee159038da41db7d3
  SHA1: d58da290a0fd44a2cd226e2d018724995937ed9d
  SHA256: 10e6003aa78afb2a82fc2cb16e15c06f0f30f21e7d84e20de7231173c1a5623a
  SHA512: 56fd260f5ee8717301219a3a89d991cde7fc1f6bd778f4613f8ac2f2cf21e0ccb9781fea68eb3c81a8a7f22379a4a264fbf3f0a3cd2463d4d9e308b72d697226
- Filesize: 576KB
  MD5: 4d3c2e5f84e809e3762bd1f2d2a47afe
  SHA1: 6ea1f6f1eace5503caee15f8a19b694effa3725d
  SHA256: f7a749a5f91038329ba92ca6e446d15e419b028f1336ba951ddaa3e9fc6d076c
  SHA512: bdb030062980748b1b3db0629afde254b5b3f80d151965e272e322a97da5c2bc1157701423e6696e6b7f7bd343612999bd63c43de0121e500e1a2815eb891667
- Filesize: 445KB
  MD5: d5a09cf1e72e23e185c7c86b8bf2d36a
  SHA1: c7cdd8c216a5558fe3a9779d7d23424883e68735
  SHA256: 3d1243d6effbaa8c9ba95b3f4a7dd78466c667585336cbb924f0f540f4bef378
  SHA512: daa111bd7db3616778e8d01c8d21657a73c72c8c25d42321652b29723b377d57db1e287a5405645adec8dad525bc687661877dac6b260bf6108c4928e9a8f435
- Filesize: 322KB
  MD5: 85863e79e5ddee65011b654b0eaf5583
  SHA1: 6723648a69fbb99a01cf07fdc98d84c7e6a7406a
  SHA256: 5bbf57eda30218bbfd0e22a9ae70fe56aca7560c6ebc64d7cffafcb3f12d0c1a
  SHA512: 33ac71e12d24d5dfdac40ced590cb8f9de3b94146b774ae891e46f09a74d82090e9e7c2aea0847ee454e1d75b3a0a87fa295284e52f00d7de33da4c1aec6d1a5
- Filesize: 415KB
  MD5: 366c35a97be2aee1e715a0669913bf78
  SHA1: 49f332559b92461002b88241321609d0cf7bee36
  SHA256: f3d623c7767c3d7d187609f16668fe8b1029b26d69bc8e73d18c55f5661acd40
  SHA512: a0d62aecb6ae051ec872cdd7e4fb678e27a31e13217ebb19305b398d0cb630a6c544e7bc0c85d468da4bf114d34e618d7542fa10c2e5333e78e35820c896babd
- Filesize: 471KB
  MD5: 0ad6ab46b12270956661458b3e3c61ab
  SHA1: 777673f00e3f0fffa1651f0d76c4a22aa2ab37ce
  SHA256: cf2c5a38494de11d23653103c0a82a8e2286abb29fa73689cdc006b768eb6fd9
  SHA512: 194df6028cefa2eba7842503fab044a77534c17c542accddb87d35a1b810173caf92923c79888e7a4b2c82627959f2eb14ba27eb7e64faca8335044b9b7b5966
- Filesize: 307KB
  MD5: bb452480fbecfa29bdad4398fb3f3216
  SHA1: bc3bf38cf80b5422ea5ab00481f81c6d2fb1c100
  SHA256: 2484bac1b2537f9e46437be9a3bbd11ee3204d2eee76002cd2b5dab8286b5207
  SHA512: 899693c0053fdd935773da8412518457fb1d9a2fa1778da37478afa2a4b8d8bd7815681a6232138fa68b53ccbf9127a2f6d2d7ceafbe8ff5ad174dc0c0f8108c
- Filesize: 425KB
  MD5: 7343d462986aad2378d645cb912bfe06
  SHA1: 0034d3e9098a727417f4434fd41d1ae3e4358e6e
  SHA256: 08e938bac8c5aeabf39e523a6b3e8a8b810a0acbb678be9b9a75d80033fbc2c5
  SHA512: 841159e2e89e90938a588d7d08e06d3b60f7101325170c51a0fd87c937ec5415c5f3eafe5edc0724ccfd51b4f3dc972f128fa25c1e76603f9512522687bd3561
- Filesize: 335KB
  MD5: 40316117e6c3dddc2dc900ffa61ae1e8
  SHA1: 599f2b47e168f7743faa7d10dd80ca7efb4f5085
  SHA256: 4e690ad86bb428122133f91264cd7ef9a41eb34b52c7bd2e0e47aeb580be6556
  SHA512: 23e3265e72f0fa8d415765da3f528883cfc61d4bb25bf8afdb25db49749e43fcabfdf5721c5878e0437116b4e01079f3c84bf05fc88b174d5841696059548fa9
- Filesize: 360KB
  MD5: 961a42f42359c2dffc2ce9c96a35aa12
  SHA1: 9112c4b02cc9d3433f2233f8ae64eb938b1cf6aa
  SHA256: 5e176a236a911e3ac730d3c65011a32476a64754906bb5830cd0109c43bcd92d
  SHA512: a52402c205cb3c03c0ef044b8687020a86eec95d1620d659d1cc6fa3cc294e55a51eb0e256ea82cde10f6ffd48021cc14503ec0fb69c597761aafc0a00b87f23
- Filesize: 323KB
  MD5: d69ec48f32cb34de1ef0b95768bfb1e6
  SHA1: 573e84a24774e84ed80541cfae0503114dcdb3eb
  SHA256: 0a54903b2250b264a48b0f78f5e1377ae1c2aaaa6e9a5b06f7d788b4b66b406f
  SHA512: 30bf6ef9eeea0573902ff30505d8a815f66a426e405b3b13a26147f8a6ef26c2c5187d1fdb4928ff678d91ffb8c67fc1d2432a5f83d85edaa536f2fce40a7449
- Filesize: 239KB
  MD5: 00f6af75005b6e69e61b3f4ee9fd3d8b
  SHA1: 2a57073c4ce7f33e17213b9f3c1c1ab0a766c276
  SHA256: fa5a870e0d3c577d07f2eee67872edcb4d2587de0cf9788aa59d8ffd3509291b
  SHA512: 558f972eb8fb79aeb0815f1fcc95c2f6b74df71177d05847299fd5c10e10cbf1b1cee2bde048c624e5788dd58b3b15c46a6e3989eecc7291331c6edb2b2ba21d
- Filesize: 428KB
  MD5: f5103ac5ed2a16e2e3ca15b2252b1a33
  SHA1: e8b3d873be072de29954dca0f2d0bdfdd72f8938
  SHA256: 8d2f248a4b19500d7f5d09854e1ba35b2e776deea43f8c4a229bcee1797598b0
  SHA512: c750bdfa4c99788729d418b169ce5aba0f8115f835b0d6e2bb32f5ef21512282f090ece969c5619e23f90ab0dfb17c74c8101a0418583850adbf626c996b5e4d
- Filesize: 381KB
  MD5: 898eff15f6cb64552a0d8e7739f2ced2
  SHA1: 129c238435f73cf82ca85505207ebaa6a4b6c815
  SHA256: 525842177b56d680b578c1814d43ea9b7b0d3721094baf2c2bedbaa67a3045f6
  SHA512: 49c5c8a8e186bdb3f6c1be5ce1f7c79532a305dd9a3fc093ddd55b0e7b8ca2b85e180ab3e652fc80cd3ad1c977842e38897ad4171b1f2687f2484b87ec824465