Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

infectprint1.exe

windows7-x64

10

infectprint1.exe

windows10-1703-x64

10

infectprint1.exe

windows10-2004-x64

7

infectprint1.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    1799s
  • max time network
    1808s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/02/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    infectprint1.exe

  • Size

    79KB

  • MD5

    0d4af64eb1995e67483f1ac5cde08aa3

  • SHA1

    e12cb2931e67de580a8342bc478ef92e582b49ac

  • SHA256

    580755838d3205f51c43877d96f43572dc53d6d8f94cf59ecdf5f5b3384f2b31

  • SHA512

    7cd5124215968e3517c6c7cf1f62dcbc6c1295a1e8e200744e10375625e953eb5f376008abbe0e8524bd7a60193458123b372c342ab474a372b3f9cafe57e8fa

  • SSDEEP

    1536:Oaci2JuhUKuTJk/K7t5bpQrnPheGIFZXDF5TBjg:6vnb+r2Ny

Score
10/10
njrati-miss-upersistencespywarestealertrojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

i-miss-u

C2

2.tcp.eu.ngrok.io:18876

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Drops startup file 5 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Drops file in System32 directory 16 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\infectprint1.exe
    "C:\Users\Admin\AppData\Local\Temp\infectprint1.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Users\Admin\Documents\Svhostr.exe
      "C:\Users\Admin\Documents\Svhostr.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\pronto.exe"
        3⤵
        • Views/modifies file attributes
        PID:4676
      • C:\Users\Admin\AppData\Local\Temp\pronto.exe
        "C:\Users\Admin\AppData\Local\Temp\pronto.exe"
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3380
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
          4⤵
          • Views/modifies file attributes
          PID:3884
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
          4⤵
          • Drops startup file
          • Views/modifies file attributes
          PID:4656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe
    Filesize

    55KB

    MD5

    d6e8f28c9e1e254b1cc4ccd375ca6668

    SHA1

    efe5e84ada49e93aa991732290bb332d6ce13063

    SHA256

    f0b662a907423aff1f91bdbe0a90d8f32f89dd160a2c0991aca1a069d0cd7b52

    SHA512

    43b868d418269a83f99f60bcdd9c0ed7cc67e2863f23e57cbba4ee682dd7e046faa717b5e5cb12bdf76b8abbb3c5f71bf22f7a6e004ff8cbe54757ad8d38f833

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
    Filesize

    1KB

    MD5

    2938324423a248c2fa858304c588d9cf

    SHA1

    27678f1cfea94c0cde2cb66f69bd142bb966adbf

    SHA256

    eb5ad4f45c71e7d133bd61a18f08565b33911d8ed73f6426a8d76439c2d0cc2d

    SHA512

    ef025c6e65ff293547567f94e49db9d9364f6d416fffef82faccc9a48f333b4f88bde4de59132b499e03bedaa2312d31f75b7cbaf15dbd5c30e2cfb56ff8ea1d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
    Filesize

    1KB

    MD5

    66090e08bae4a9dc1cae7e2e88c4cd93

    SHA1

    8c2ffed288850f67f48e29ea49eb89457945db3b

    SHA256

    3a55dda614ea1b556877806438a50928182263a0095c122e557dfbdbd3f42bf7

    SHA512

    1f9b8da508d5152f73d37ffdd7a99d042328b2e59f2b5351aa9b5843a3b0baeb756ca8e9848eadc6868ebfa8f2da4727ae63870a80d8ddb955511c1565711d10

    Download Submit

  • C:\Users\Admin\Documents\Svhostr.exe
    Filesize

    27KB

    MD5

    c596af6b612263a4f8522e8ff345fd77

    SHA1

    26bd8d1eacb0940afbb3fc56ca3900e20a573a06

    SHA256

    ae46054bcc8861d767cf7c39d11e18aca0f9f393d6e26c779b95b12ddc725aa1

    SHA512

    185ca33f9579270ceeb08cd1cdaa2d9c3157e677eebe0ab54956106866f3fabf83aaa60f5db3944b47090e8550ff3ade4caab538f383a8bca32dd3f1ae9e6a11

    Download Submit

  • memory/3580-0-0x0000000000980000-0x000000000099A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3580-1-0x0000000001140000-0x000000000114E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3580-3-0x00007FFCA42D0000-0x00007FFCA4CBC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3580-4-0x000000001B430000-0x000000001B4B3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/3580-5-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-7-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-9-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-11-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-13-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-15-0x000000001B4B0000-0x000000001B4E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3580-17-0x000000001B510000-0x000000001B584000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3580-19-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-20-0x000000001B4A0000-0x000000001B4BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3580-21-0x000000001B4A0000-0x000000001B4B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3580-22-0x000000001B4A0000-0x000000001B4B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3580-23-0x000000001B4B0000-0x000000001B4DA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3580-24-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-25-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-26-0x000000001B4A0000-0x000000001B4C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3580-27-0x000000001B4B0000-0x000000001B4D6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3580-28-0x000000001B4C0000-0x000000001B500000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3580-29-0x000000001B4C0000-0x000000001B4FE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3580-30-0x000000001B4B0000-0x000000001B4DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3580-31-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-32-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-33-0x000000001B4B0000-0x000000001B4D4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3580-34-0x000000001B4B0000-0x000000001B4D8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3580-35-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-36-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-37-0x000000001B4A0000-0x000000001B4BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3580-38-0x000000001B4A0000-0x000000001B4BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3580-39-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-40-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-41-0x000000001B490000-0x000000001B49E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3580-42-0x000000001B4A0000-0x000000001B4B4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3580-43-0x000000001B490000-0x000000001B4A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3580-44-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-45-0x000000001B4B0000-0x000000001B4D8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3580-46-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-47-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-48-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-49-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-50-0x000000001B4A0000-0x000000001B4B4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3580-51-0x000000001B4A0000-0x000000001B4B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3580-52-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-53-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-54-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-55-0x000000001B490000-0x000000001B4A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3580-56-0x000000001B490000-0x000000001B49E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3580-57-0x000000001B4B0000-0x000000001B4D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3580-58-0x000000001B4A0000-0x000000001B4BC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3580-59-0x000000001B4A0000-0x000000001B4B4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3580-60-0x000000001B4A0000-0x000000001B4BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3580-61-0x000000001B490000-0x000000001B49C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3580-62-0x000000001B490000-0x000000001B49E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3580-63-0x000000001B4A0000-0x000000001B4B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3580-65-0x000000001B490000-0x000000001B49E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3580-64-0x000000001B4A0000-0x000000001B4B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3580-66-0x000000001B490000-0x000000001B49A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3580-67-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-68-0x000000001B4A0000-0x000000001B4BC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3580-69-0x000000001B4A0000-0x000000001B4BC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3580-70-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-71-0x000000001B490000-0x000000001B498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3580-98-0x0000000000230000-0x000000000031E000-memory.dmp

    Filesize

    952KB

    Download

  • memory/3580-5583-0x000000001B610000-0x000000001B844000-memory.dmp

    Filesize

    2.2MB

    Download