Overview (overview): 10
Static (static): 3
NjRat 0.7D.exe (windows11-21h2-x64): 10
Plugin/cam.dll (windows11-21h2-x64): 10
Plugin/ch.dll (windows11-21h2-x64): 1
Plugin/mic.dll (windows11-21h2-x64): 1
Plugin/plg.dll (windows11-21h2-x64): 1
Plugin/pw.dll (windows11-21h2-x64): 1
Plugin/sc2.dll (windows11-21h2-x64): 1
WinMM.Net.dll (windows11-21h2-x64): 1

Analysis
max time kernel: 446s
max time network: 450s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01-04-2024 09:35

Static task: static1
Behavioral task: behavioral1, Sample: NjRat 0.7D.exe, Resource: win11-20240221-en
Behavioral task: behavioral2, Sample: Plugin/cam.dll, Resource: win11-20240221-en
Behavioral task: behavioral3, Sample: Plugin/ch.dll, Resource: win11-20240221-en
Behavioral task: behavioral4, Sample: Plugin/mic.dll, Resource: win11-20240319-en
Behavioral task: behavioral5, Sample: Plugin/plg.dll, Resource: win11-20240221-en
Behavioral task: behavioral6, Sample: Plugin/pw.dll, Resource: win11-20240221-en
Behavioral task: behavioral7, Sample: Plugin/sc2.dll, Resource: win11-20240221-en
Behavioral task: behavioral8, Sample: WinMM.Net.dll, Resource: win11-20240214-en

General
Target: Plugin/pw.dll
Size: 284KB
MD5: ac43720c43dcf90b2d57d746464ad574
SHA1: eae39df1c717ca74f6f04d5ca8478ea55145535a
SHA256: ca6367d1ab873a55ced13d7024c530bbe4a6a703813225233e59041c7ce14eaa
SHA512: 9082b3cd8b36031256923c8f2bed628e9331129bbf09d111d9d02268a49e493248e5638ddee5b02da66e9159a608f8f26499ca0f736d6a369a30f71950c60d40
SSDEEP: 6144:QxY714e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO:7ZxJ/JmSG9T8CEgdM

Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                        pid    process        target process
PID 1080 wrote to memory of 788    1080   rundll32.exe   rundll32.exe
PID 1080 wrote to memory of 788    1080   rundll32.exe   rundll32.exe
PID 1080 wrote to memory of 788    1080   rundll32.exe   rundll32.exe