Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/s...

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/simalei/njRAT

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: LoadsDriver 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/simalei/njRAT"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4112
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/simalei/njRAT
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.0.334127183\1741691174" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84c15dc5-cc21-4ed1-a6ae-7a6c5b35345d} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 1972 22b30e29b58 gpu
        3⤵
          PID:1188
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.1.1225770898\44279651" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3beff95e-d4a4-493b-b953-cd63a8f4b971} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2396 22b2fafcf58 socket
          3⤵
            PID:3260
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.2.113626060\1595002790" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3104 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c80e50cc-3c7a-47e3-bc2c-29cac30e4f42} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3260 22b33d0ef58 tab
            3⤵
              PID:852
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.3.302925570\1546045536" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3760 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {630ea13a-d2a8-4464-915c-a52b17927a63} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3796 22b34bda258 tab
              3⤵
                PID:2444
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.4.1142047809\699217857" -childID 3 -isForBrowser -prefsHandle 4924 -prefMapHandle 5160 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e0cd4b1-18e8-4630-872c-4ea681f56fc4} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5128 22b36ee2758 tab
                3⤵
                  PID:2860
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.6.1107640923\2018473163" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5168 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beb0f9b7-09ce-4659-b60b-6b544a8af7ca} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5308 22b36f40858 tab
                  3⤵
                    PID:3332
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.5.22231955\211667536" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5064 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6116f063-d4c3-431a-a619-5195aecf54ff} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5268 22b36ee3958 tab
                    3⤵
                      PID:2380
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:4008
                  • C:\Program Files\7-Zip\7zG.exe
                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\" -ad -an -ai#7zMap31686:112:7zEvent3673
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    PID:2608

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    9KB

                    MD5

                    7de71043973910ca4f3340900d3bc05e

                    SHA1

                    6a1c48f6eeb1e136c16e09a452ee07112bda6119

                    SHA256

                    02570dd85efc46ad9b3144eead8580c00aaf8a5ad043ffb3180cde06b2d16c26

                    SHA512

                    c30804dec6b8647992b89f78da65878f82d4b7cb300ead74d39ece88ac26698121d15bda152b1b89b0f80f2fbc9fdbc00e57e383bf31254308e2f69049a0f034

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\pending_pings\918d7436-1d06-4435-909a-efed06c328f7
                    Filesize

                    734B

                    MD5

                    644035bccbeb879c01793eb653ba42a1

                    SHA1

                    891aa2b9076b539fb747b139e731f849dd217fbe

                    SHA256

                    97cddd0aa6efb2bdba6e0083eb70499f22719db7c3113d52859ebbb813267c6b

                    SHA512

                    4c4dd970059620c6e0d85862a39e11f8ee0aaa3249fe277c4659859bbf793e6e9698cbe16687ba8cb94748a544a48020b39218c79277689cec3d0de4ceec7262

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    0c6845b71ed3cd5600ba650ada646463

                    SHA1

                    ed2dad88c9d30cacde0ca349e6b272a03952d8e1

                    SHA256

                    4a34de9bee32840ae6dbfa4b3aab522f1bc2051017dc00f7e9d5e95c9773ab6d

                    SHA512

                    7c3f399d5df5d8d23fd5bb137094c4129b19c98d3255ccdf832812afacfd38abcff76c6c6e2c46e123dc4778948c82b9dfe4f7945be2b6342da7ceb7a7b630d5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    292ef8a3974becbbfca5ff6e4b225445

                    SHA1

                    02b984c5779bfd4558d531ea60a71b9b1d881b58

                    SHA256

                    0072047b69c61160220f11148e520471ae2845ad16235baf87a64bd08187db71

                    SHA512

                    a871da258f05f8aa9969b8d51430f29666824318f94c809988fc8990dcbc95abb0345de22e9a46b1309dd5254bbfab5db49981f20ecdd3898559ff70ea0934ac

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    df448893a358f4260d08f6a5b8619148

                    SHA1

                    64576e861ad0c283313c7245483ae594d21239f1

                    SHA256

                    8f502ae5a76915db1ec32f7bd7081d2829ed71a4506a9c46fe45c3b7f95fa5f3

                    SHA512

                    a698d658a389ef1f69b045c309847de3f2ecc5daf0b72ca185f2f71c4b3ed6f27538a878c2d44b994edf3adc66d96ee2f24816208d4918a4583d82d68fd7dc2d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    b4dc7f8d468ded37d1fee5491b5c7914

                    SHA1

                    03f464dc8ea8f0ee8601c4fb8cdc37b499819373

                    SHA256

                    754970a293546dff8a0dc77ab1d108ebea2aa6482d7d91408279c5727c6ab126

                    SHA512

                    0b6f13c35fc1aad1a7f174c9d062cc458917b59b2bf49759a72a3a4cf2151ebdf1fbd36097678f0b5562844c12d638957590211577fb1aef46a1c2b641fe492a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    f824d89875523afec1d8b0f224021967

                    SHA1

                    f4281c51e0f4b5168a05717866b89f52deeeb7ed

                    SHA256

                    a4a87602028fd4325477faa31bc9d0ef95ced9a51c48df5d04ac11c79fe296f0

                    SHA512

                    3e52610c9a3c00cc1749db15287684f652054641cc6cd6e6cc950fa71b202c5c9e477f1cdaf04c3ebdf35a400c09929dd58e1a3152c2f2e1379dc063dd8a58d7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    588242d3170e07818c28e7d7de34482e

                    SHA1

                    ccc9c038ed8f741202f6ea681a26e37218ee8663

                    SHA256

                    38b8325814f1eb5ef7d6bffa52bdd81a57f52c0a983984bfb834c60a4389d265

                    SHA512

                    6415a0d5a3f16f1bc5602527198e186adca1e637f106857369943495b4043fd1fec50bfb8bfc3087441b41cac5111655e3fd840e56f90b0da1926d8b2e7f69c0

                    Download Submit

                  • C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition.zip
                    Filesize

                    1.8MB

                    MD5

                    de0724e9b662c97a8131d593ae03e1e8

                    SHA1

                    2367807d0405ef6d7cef00f0b145c29823dd5128

                    SHA256

                    aac5b302910be9b2c904f039129d3c42eb1e4b1539ef6de621669793a95c7e69

                    SHA512

                    753baf929259237f987d1c8251c13a2d0c72ec34c332b1c103ea501c5ce68628d41092d404ff02b7c58709fb51c266489a96453e502533c2804a884446c18e64

                    Download Submit

                  • C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\stubs\Bsod.egg
                    Filesize

                    5B

                    MD5

                    f8320b26d30ab433c5a54546d21f414c

                    SHA1

                    97cdbdc7feff827efb082a6b6dd2727237cd49fd

                    SHA256

                    60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

                    SHA512

                    af1aace54ec0ab736f8a6a262cc319740beb89d04efe071d451522e2cdb210bf0c81ae676ebc45781935cc18a3b939a6645b2ebe0a484e2594d672d81460b3dd

                    Download Submit

                  • C:\Users\Admin\Downloads\NjRat.JlNuKrwg.0.7D.Golden.Edition.zip.part
                    Filesize

                    320KB

                    MD5

                    52fd26071dd2f5ff5c81640e41c76db0

                    SHA1

                    55935e81cf8b23092012d7ee958f75a82104f299

                    SHA256

                    549262654c760992c54c193d3ef9fd3da8981e16e139fba91ea1c4ad9aac15d2

                    SHA512

                    8190ca1a8e4a627c37e20c435b05e41054bd1619556cdd0f0c5f4ab1975c902cb7da608086a183a752d530ab60bbe52ebc4b7697b756d7602bd93ebedb6f0be0

                    Download Submit