Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/07/2024, 12:59

General

  • Target

    NJRat.exe

  • Size

    31KB

  • MD5

    29a37b6532a7acefa7580b826f23f6dd

  • SHA1

    a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f

  • SHA256

    7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69

  • SHA512

    a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818

  • SSDEEP

    768:64+64ZRzo+zxJ+lS7gqzZ5XvzpQmIDUu0ti69j:xM3/Bh1QVkvj

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Modifies Windows Firewall (2 TTPs, 1 IoCs)
  • Drops startup file (2 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Browser Information Discovery (1 TTPs)

    Enumerate browser information.

  • Event Triggered Execution: Netsh Helper DLL (1 TTPs, 3 IoCs)

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NJRat.exe
    "C:\Users\Admin\AppData\Local\Temp\NJRat.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:416
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\NJRat.exe" "NJRat.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:3976
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2840
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff4a31cc40,0x7fff4a31cc4c,0x7fff4a31cc58
      2⤵
      PID:4312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1976 /prefetch:2
      2⤵
      PID:1980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2224 /prefetch:3
      2⤵
      PID:1868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2248 /prefetch:8
      2⤵
      PID:1124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
      2⤵
      PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3304 /prefetch:1
      2⤵
      PID:4220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4488 /prefetch:1
      2⤵
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4740 /prefetch:8
      2⤵
      PID:4972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4968 /prefetch:8
      2⤵
      PID:1564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4720,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4976 /prefetch:1
      2⤵
      PID:2088
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:748
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1000

Network

MITRE ATT&CK Enterprise v15

Downloads
