Analysis
-
max time kernel
6s
-
max time network
1s
-
platform
windows7_x64
-
resource
win7-20240704-en
-
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
-
submitted
20-07-2024 17:34
Behavioral task
behavioral1
Sample
Laucher.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Laucher.exe
Resource
win10v2004-20240709-en
General
-
Target
Laucher.exe
-
Size
23KB
-
MD5
cd6778c62837fe1c00f9d20f5b6764da
-
SHA1
595346ec1934cd5ef6f53deaa9a491afdbf65c36
-
SHA256
15cc48febf33e832ce4b2e66ec579ba8cafbf7a084d5f35b90ebf2a7451573d7
-
SHA512
3d195e04054f09f452d50c33a710eb74b2b58409b0816deded5a6b0c68383ba72790d6753c260476a2dbc33e2f2f08126b766e5d0482031fdd2c66b28f9234d3
-
SSDEEP
384:4sqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZa+:PSoQA6mlcrRpcnue
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
Laucher
C2
players-celtic.gl.at.ply.gg:11897
Mutex
8070cac3fa16f7a7eee679eadfcdefef
-
reg_key
8070cac3fa16f7a7eee679eadfcdefef
-
splitter
|'|'|
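The `splitter` field above is the token njRAT puts between fields of every C2 message; each message on the wire is the decimal payload length, a NUL byte, then the payload. The following is an added example (not part of the sandbox report and not njRAT's own code) that carves such messages out of a TCP byte stream using the extracted splitter and C2 endpoint. The sample stream is constructed here; the login message's field order after the command and base64 id is simplified and should be treated as an assumption, not a specification.

```python
"""Carve njRAT-style C2 messages from a byte stream using the extracted config.

Framing: '<decimal length>' + b'\x00' + payload, fields joined by SPLITTER.
SAMPLE_STREAM is constructed for this example, not captured traffic.
"""
import base64

# Values taken from the extracted config above.
SPLITTER = b"|'|'|"
C2_HOST, C2_PORT = "players-celtic.gl.at.ply.gg", 11897


def frame(fields, splitter=SPLITTER):
    """Build one message: length prefix, NUL, then fields joined by the splitter."""
    payload = splitter.join(fields)
    return str(len(payload)).encode() + b"\x00" + payload


def parse_stream(data, splitter=SPLITTER):
    """Split a byte stream into complete messages.

    Returns (messages, leftover): each message is its list of fields; leftover
    is any trailing, still-incomplete message that needs more bytes.
    """
    messages, pos = [], 0
    while pos < len(data):
        nul = data.find(b"\x00", pos)
        if nul == -1:
            break  # length prefix not terminated yet
        prefix = data[pos:nul]
        if not prefix.isdigit():
            raise ValueError(f"not an njRAT frame at offset {pos}: {prefix!r}")
        start, end = nul + 1, nul + 1 + int(prefix)
        if end > len(data):
            break  # payload truncated: keep it as leftover
        messages.append(data[start:end].split(splitter))
        pos = end
    return messages, data[pos:]


def command_names(messages):
    """The first field of each message is the command (ll, P, inf, ...)."""
    return [m[0].decode("ascii", "replace") for m in messages]


def decode_victim_id(login_message):
    """Second field of the login ('ll') message is a base64 victim id."""
    return base64.b64decode(login_message[1])


# Constructed sample: a login message (field layout after the id is assumed),
# a keep-alive 'P', then a third message whose payload is truncated.
VICTIM_ID = base64.b64encode(b"Laucher_1A2B3C4D")
SAMPLE_STREAM = (
    frame([b"ll", VICTIM_ID, b"DESKTOP-TEST", b"Admin"])
    + frame([b"P"])
    + b"12\x00inf" + SPLITTER + b"tru"  # claims 12 bytes, only 11 present
)

if __name__ == "__main__":
    msgs, rest = parse_stream(SAMPLE_STREAM)
    print(f"expected C2: {C2_HOST}:{C2_PORT}")
    print("commands:", command_names(msgs))
    print("victim id:", decode_victim_id(msgs[0]).decode())
    print("leftover bytes:", rest)
```

Feeding the reassembled client-to-server side of a capture to `parse_stream` gives the command sequence directly; the leftover bytes are carried into the next read so that a message split across TCP segments is not lost.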
Signatures
-
Executes dropped EXE 1 IoCs
PID   Process
1848  Windows.exe
-
Loads dropped DLL 1 IoCs
PID   Process
2460  Laucher.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Description                        PID   Process      procid_target
PID 2460 wrote to memory of 1848   2460  Laucher.exe  31
PID 2460 wrote to memory of 1848   2460  Laucher.exe  31
PID 2460 wrote to memory of 1848   2460  Laucher.exe  31
PID 2460 wrote to memory of 1848   2460  Laucher.exe  31
Processes
-
Level 1: C:\Users\Admin\AppData\Local\Temp\Laucher.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Laucher.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID: 2460
-
Level 2 (child of 2460): C:\Users\Admin\AppData\Local\Temp\Windows.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Windows.exe"
- Executes dropped EXE
PID: 1848
-
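The process tree shows the sample's only visible behaviour in this run: a binary in the user's Temp directory drops a second binary named Windows.exe into the same directory and executes it. The following is an added detection example (not part of the report and not from any vendor's ruleset) that runs that logic over process-creation events in the shape Sysmon event ID 1 or EDR telemetry provides. The events are constructed to mirror the tree above; the field names `pid`, `ppid`, `image`, `cmdline` and the masquerade name list are this example's own choices.

```python
"""Flag the Temp-to-Temp drop-and-execute chain seen in the process tree.

EVENTS is constructed to mirror the report's tree (plus one benign process);
it is not the sandbox's raw log.
"""
import ntpath
import re

# Per-user temp directory, where both Laucher.exe and Windows.exe ran from.
USER_TEMP_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Names that imitate OS components but have no business running from %TEMP%
# (list chosen for this example).
MASQUERADE_NAMES = {"windows.exe", "svchost.exe", "explorer.exe", "csrss.exe"}


def is_user_temp(path):
    return bool(USER_TEMP_RE.match(path))


def find_temp_drop_chains(events):
    """Return (parent, child) pairs where an executable in %TEMP% spawns
    another executable in %TEMP%: the Laucher.exe -> Windows.exe pattern."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        if is_user_temp(parent["image"]) and is_user_temp(child["image"]):
            hits.append((parent, child))
    return hits


def masquerading_images(events):
    """Executables in %TEMP% whose file name imitates a Windows component."""
    return [
        e for e in events
        if is_user_temp(e["image"])
        and ntpath.basename(e["image"]).lower() in MASQUERADE_NAMES
    ]


# Constructed events: explorer launches Laucher.exe, which launches Windows.exe.
EVENTS = [
    {"pid": 1234, "ppid": 800, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2460, "ppid": 1234,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Laucher.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Laucher.exe"'},
    {"pid": 1848, "ppid": 2460,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Windows.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Windows.exe"'},
]

if __name__ == "__main__":
    for parent, child in find_temp_drop_chains(EVENTS):
        print(f"ALERT temp->temp spawn: {parent['pid']} {parent['image']} -> "
              f"{child['pid']} {child['image']}")
    for e in masquerading_images(EVENTS):
        print(f"ALERT OS-component name in %TEMP%: {e['pid']} {e['image']}")
```

The parent check is what keeps this from firing on every installer that unpacks to Temp: it requires the spawning process itself to live there, as Laucher.exe does in this tree. Pair it with the WriteProcessMemory signature above for the full picture, since the parent also writes into the child after creating it.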
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
23KB
MD5
cd6778c62837fe1c00f9d20f5b6764da
SHA1
595346ec1934cd5ef6f53deaa9a491afdbf65c36
SHA256
15cc48febf33e832ce4b2e66ec579ba8cafbf7a084d5f35b90ebf2a7451573d7
SHA512
3d195e04054f09f452d50c33a710eb74b2b58409b0816deded5a6b0c68383ba72790d6753c260476a2dbc33e2f2f08126b766e5d0482031fdd2c66b28f9234d3