Analysis
-
max time kernel
1742s -
max time network
1758s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20/02/2024, 16:36
General
-
Target
https://github.com/simalei/njRAT/releases/tag/v0.7D
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/simalei/njRAT/releases/tag/v0.7D"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/simalei/njRAT/releases/tag/v0.7D2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.0.2123699508\2098924148" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dd7cc15-6a9d-41c8-a652-6df6f5ef33fb} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 1960 13f627f7f58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.1.1028207725\2033005865" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d75780a6-da42-457c-b1ad-2622833346ae} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 2380 13f626ef258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.2.1785196120\1928441943" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3232 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {724471f6-641b-4cd0-b250-c296e43a2400} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 3352 13f6693a958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.3.518262522\212026551" -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e0d7421-6156-42f5-af22-0ee454aa1a45} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 3048 13f67ca7258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.4.1656907258\865038051" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a445a2b6-701d-4e41-8bfa-6b409dce5c5e} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 4876 13f68dc9058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.5.628870264\226556924" -childID 4 -isForBrowser -prefsHandle 4728 -prefMapHandle 4848 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de2fd392-461e-4e4b-af21-5a0a18a49eff} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 4788 13f68dc9358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.6.888746481\1279022075" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5044 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a589978-1533-4ac6-9398-548573925036} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 5092 13f68dc8158 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD56b1483c31924f10746e636286f7868b6
SHA1edc982c6a6432fe77028f1e9ba440790e1330e69
SHA2562600574c6e7acfb8db4fd0ba1e66fbb7b6bbd5b833238cdbf6c1ef40fb22446c
SHA51225fb25cca723062b3bcaae11137536457e9a17cb90a5db2167d2cd4400774534760ad9a74e11eafabb320a405f53e0d9d1eee3f46f8e079f873da39179a2fad1
-
Filesize
944B
MD5c639412924fb2551a98b46fc4bdf3141
SHA11752b89039382e7b27649a23c80ba7b1dac2fee3
SHA2568281cfc3ea7f91e7ed602d94ce53d6a34ad4ade3dea796bc44fa4f601cc18601
SHA512c5956a6a71cc3f67d70ef759d1f453cc4f2994afe48b6815ead62335d2128e19e543bec3ef54e4eaa1ddd7be2369a2a7e7bcc36eda06110cebf8a0e3402e8ffa
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD51c0e9f7a3168fdf770191564874e0556
SHA1f7336b808e15b9a8e5091a0ddf8d00696cb95e31
SHA256a4971b4d5e37ad7d97034befb447587e5d0ff0ec4d90a074ea6de304a0e312dd
SHA5121a7449cad55e16a365f677df85f3e65b2e09bed39da4fe83261c19e3bc8a7e3623831a1b3f30e906be92294b9c7fd295182f343b420a57a92c12503e0721578b
-
Filesize
746B
MD53e36cf0907d2a58aec799970ac2f4537
SHA10af45c78c26c4682bf1e994149a9c33431c9141d
SHA25668548aa8f350ab77d89cdc0cd386bf94c314a58ac0132b80081f3c8a584d0b39
SHA512a81a7a45ceb250bd07a8091392e711d94063526f90f12e3ed402b5dc271f8686873ed4c5f0fb94382d4885b52a3717448e443eec7be29a0128fa247bbe689695
-
Filesize
11KB
MD54e3b99c6ee1cf5d571f6fdc4b10f0f8f
SHA180c166f7fbee48eee5d59a94b24550f553a72fbf
SHA2568ce76b029e3a4634730ec9026bf1819fad861cceccb32abe71e94f05a0374127
SHA51208d03b1f8229fa3c3897a8d399c2b291c418d1e54b63a377e2814739c185a3c30d6bd6783a14ef32871d8270c6b965c6b14698eb72cd1b1465d5f45e310909a3
-
Filesize
7KB
MD5bd96e68f4e88129f3028729acc2cdc3e
SHA101dc4663ec6a543b5536e9657f69269a584e315e
SHA2564aef771ae220bcaf4900744d129e504bf0d2761735e66554ad6db4260d1309f4
SHA512bc3aff86805257297b2a81f3516231f5e58e32f5f79340e1c1e13f147622a69c454312b36d9320f2b37386fc868ca540cd659b720b8e49a9dfa1201632696265
-
Filesize
6KB
MD566f32422d2de935a2066bc2c0fd18110
SHA1faaca447939a26df9ef796627db8e85ff3c3e03a
SHA25679b07efd00865ee9fbad50bb354b2d0e4c4e990e439cce305a07a617128b8734
SHA512a98f959a996608069dc3f3bcc2f97f34480ad34157e662c1919a98497944b9a88644949fc48045437315dd9f776e6a1394271536cce2e0a1c14d9471b04a105b
-
Filesize
6KB
MD59ef1602591b366945217e8cd5e47fa7c
SHA1d29a855c5e49b94086c95ddcce3dc0db579a75cc
SHA25623871a7c013867bf11a40d479f7265765174675b96bac1ba83f89ca42289a79e
SHA5129d7eb2ac6a8f2a887edd4b7034b0df3fc0493081b2e41e430cbf528ca4f208eea0db5204a6f05250733772d934b28aea4914e3e6ed521a106a5f3734b652056e
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
995B
MD57756cf2fdf11f4932db932e19d2559f9
SHA1d85a4dcec02f786433b0ec01f3e0f4f01feb3927
SHA2566b10894faf6d79b75d9cef5014a23b60183e9941caba144d97d9a6bdad9e8b81
SHA51252693750647e7ee2d299e9143ce1c21cfc87d09fa0b10c18bb9a1c053b9e3dc08a34a01847f663aacfad34c54159898eb3cbe92f06bbf131b4f6dce8ad62236c
-
Filesize
1KB
MD50305853d4b5bdb3f254a510db4c851ec
SHA1f3e9aa9d7e630ea7cde26e810a89feea3478bea5
SHA256df643377bde171916d1d540da6de075214a9896d02c940e186640fc82f927940
SHA51265b4b1657211dc691d35d7738135b98ec610cbfe035f2c5fc87f9ffd77106649727bb5dae246c821c8fbec62114ba8cc4ef30295b78197207b60f0045c43198f
-
Filesize
3KB
MD5e15b579a05db20eb93e77554e24b6305
SHA17c224e8598385b2d90da0838c8d7e5ed8f75f969
SHA2569162d5d5df0f41834091255afb704887dd134a1cfc456b457823cdba4cdd4d98
SHA512f8ccaff94e506565530e1051c7a58eee41b674fec5183de6fbdf2adfa739fb66846c430062ae3753b0e3aa16d1f9d3d191577f0b5f22c297a8bf6bd95c645816