Overview (overview): 10
Static (static): 3
NjRat 0.7D.exe (windows11-21h2-x64): 10
Plugin/cam.dll (windows11-21h2-x64): 10
Plugin/ch.dll (windows11-21h2-x64): 1
Plugin/mic.dll (windows11-21h2-x64): 1
Plugin/plg.dll (windows11-21h2-x64): 1
Plugin/pw.dll (windows11-21h2-x64): 1
Plugin/sc2.dll (windows11-21h2-x64): 1
WinMM.Net.dll (windows11-21h2-x64): 1
Analysis
max time kernel: 456s
max time network: 458s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01-04-2024 09:35
Static task: static1
Behavioral task: behavioral1, Sample: NjRat 0.7D.exe, Resource: win11-20240221-en
Behavioral task: behavioral2, Sample: Plugin/cam.dll, Resource: win11-20240221-en
Behavioral task: behavioral3, Sample: Plugin/ch.dll, Resource: win11-20240221-en
Behavioral task: behavioral4, Sample: Plugin/mic.dll, Resource: win11-20240319-en
Behavioral task: behavioral5, Sample: Plugin/plg.dll, Resource: win11-20240221-en
Behavioral task: behavioral6, Sample: Plugin/pw.dll, Resource: win11-20240221-en
Behavioral task: behavioral7, Sample: Plugin/sc2.dll, Resource: win11-20240221-en
Behavioral task: behavioral8, Sample: WinMM.Net.dll, Resource: win11-20240214-en
General
Target: Plugin/ch.dll
Size: 45KB
MD5: 2fe4b9dbd31f83faa7aa1c692ba4d3a2
SHA1: 1b3c03e29302a0f07acb4af306a7ad42ea4827dd
SHA256: 3c088df7119c494e3df95af42456225f4dab1c3abe003869f8c79afb0993b027
SHA512: cd169dc1d2d5cf0f538334b8ac31817ea1a4e2c8c0faca6a715c63eb4aa464e8aaa4f6b10fe030f46a37ab18a1cd6fe099c662c727e107cb87ada1a8218bc5fb
SSDEEP: 768:FjTkCC7kDA87eqVlviNDkpI/pDwxRcNDRQt40BthZWMaGOQKgB22T:dkCC7kDA87eqVlviNo2hkxmRRQthBt3O
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid   process       target process
PID 4632 wrote to memory of 4844   4632  rundll32.exe  rundll32.exe
PID 4632 wrote to memory of 4844   4632  rundll32.exe  rundll32.exe
PID 4632 wrote to memory of 4844   4632  rundll32.exe  rundll32.exe