Overview

overview

7

Static

static

3

NinjaCS_v1.3.exe

windows10-2004-x64

7

NinjaCS_v1.3.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/03/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NinjaCS_v1.3.exe

  • Size

    3.5MB

  • MD5

    dcc565d6f70566ee2f78f7dff6131fdf

  • SHA1

    08dc0ad8713fac148cbf65d8ab7125ace4690252

  • SHA256

    06dc0a4a2e8a4c02c72be5872f0df88dc3f830619a470c2ede90eef86afae5d2

  • SHA512

    0983fc136a995ac9bdc3ca43477a45f10a817d53e91152a82214a8e4394a1a1edb737df7b66ce79104fba3b9bfbb7a9d90eac3e6e9be8626690fa3c7ce0aa8c3

  • SSDEEP

    98304:Fcb+6Lsjo5fE4I1o712g2WjHYHrPdFnOLUambXnAzWpcZqrg:FcRL15EwUglj4rbO0XnXcV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NinjaCS_v1.3.exe
    "C:\Users\Admin\AppData\Local\Temp\NinjaCS_v1.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\NinjaCS.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\NinjaCS.exe"
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\HandyControl.dll
    Filesize

    1.7MB

    MD5

    7721007a7009690c5bfba1c4e3f56c25

    SHA1

    bf0644114d3b8cc7104993d697f456724a4549f8

    SHA256

    858f82fa07f161bccb3ac14addb3efd44542bc957d8e203b7d468f19441980b4

    SHA512

    488f60b2df9fbb47d434ab4e6b7db917e6b24d7a6e3c09f4e1e1f9fc0fdd88968450773113d6a18d78b6898f8fba0ee2313ecb828d6fe3b65ffc994078f816fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\NinjaCS.exe
    Filesize

    2.4MB

    MD5

    4ba686b396ead7bebf25909b5d633dcf

    SHA1

    6757a9c40b0c37b160d38828a325c0c968a8d209

    SHA256

    829fa5f5338d20eb6677b4bd579f0d7a90179d37792506bc5b79a14322312cc0

    SHA512

    c33019c25ca10871437955a2e7c29b0e431c098ab537a2df1a9cebd3ea806d86775968188c7b0338cfefef949c264cf7e47b30deb4ca73cc17cd62630daa0b0a

    Download Submit

  • memory/1500-36-0x000001C7B29E0000-0x000001C7B29E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1500-35-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-29-0x00007FFCA6CF0000-0x00007FFCA77B2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1500-32-0x000001C7AE610000-0x000001C7AE7D0000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1500-33-0x000001C7AE510000-0x000001C7AE5CA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/1500-34-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-28-0x000001C793BE0000-0x000001C793E48000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1500-30-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-37-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-39-0x000001C7B2EB0000-0x000001C7B2EBE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1500-38-0x000001C7B2EF0000-0x000001C7B2F28000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1500-41-0x00007FFCA6CF0000-0x00007FFCA77B2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1500-42-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-43-0x000001C795D00000-0x000001C795D10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-46-0x00007FFCA6CF0000-0x00007FFCA77B2000-memory.dmp

    Filesize

    10.8MB

    Download