Overview

overview

10

Static

static

3

4be94f702c...a3.exe

windows7-x64

10

4be94f702c...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    45s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe

  • Size

    58KB

  • MD5

    d851457375df95ee26ca13524e5bbbfb

  • SHA1

    8243d96f85b5290c864ea8b29638d3d4baca4a86

  • SHA256

    4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3

  • SHA512

    0ec419e362d8f6f5c9819faa572fc15c24d94a166a3032348ff544cfbd250128bf03fc1fe37764642a3dd1d793ce12331ec193dbd737b1617697c7dd82eae7e9

  • SSDEEP

    1536:y2q3pLscBG2HwE+xSC3RUIHpZMXpB9O+nk:QVDg4wt33H7ypfO+nk

Score
10/10
njrathackeddiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:7771

Mutex

4c7a09e2b9a3f7aed80289c245122ae5

Attributes
  • reg_key

    4c7a09e2b9a3f7aed80289c245122ae5

  • splitter

    |'|'|

Signatures

  • Njrat family
    njrat
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe
    "C:\Users\Admin\AppData\Local\Temp\4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Users\Admin\AppData\Local\Temp\4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe
      "C:\Users\Admin\AppData\Local\Temp\4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=4be94f702c445d29a29d9c6cfd27402912d8e453d7d7c7a47d26b736673896a3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
    Filesize

    252B

    MD5

    7e4baa703b27d082b89f4f966f2d75fb

    SHA1

    d0d75577eb7eb3e776637d08a32c837ff0595023

    SHA256

    420c932db8d4584355a0889f1dad4b34fbe280821621806774d5e88e8514d993

    SHA512

    cb0cac35e99dbdb7f8e649a884bfd8bc0ca593c2858d58f537bd0f8dab6aa9fa1074e3c658a472f28334c87a7348eb2691df446fe4fa421b526c50bd816e7066

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f64d3d067ed9ccac57bfde2ffc88df5

    SHA1

    ffd7dff7f79dd0193bf9dcfdce68a19e155294a9

    SHA256

    880f9741f85e94df71d3e0d8fa8b61d43cc5582e71555cfdac73631d83f3f79c

    SHA512

    9f9ce4d900bf613ff34a7ae36e25994a869c58e77777b7d75a1ef91bc281074106d080745da377e1c63bf365c9b57ea086437cf2703b8b63d87eeb91cccb0e67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c074072b445add44e0349ee3039c62d3

    SHA1

    a9067fbc9eda304be457c64c0813681ff62ba6e6

    SHA256

    46dd133033a6b2012ddc67f6cc9a6e8cf7c77bf1f14104bc453332b8a892c397

    SHA512

    dcd62d46fc6e8525a74776a75095217508f1dc640e09ae0676323c707826d7d82582d335ddc231d569611ece20cc39520652ecc67db77d8a4ff05fadc5955228

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    935eb86b0a7ff55491b0d226fa4a5df5

    SHA1

    abab15bf3de668d795f30c98ac28bfc76b7bc0eb

    SHA256

    736af8dd1d34a518000044b014f07edb1cef06bd069eaf4727cf9d292dab5920

    SHA512

    989bd108bd6e60aff0aec673a70179181e840f4384f9ff6965a8946a349a18c7b242d3eb57a7a5dd492cc8b3514d500d9febb9cc6081eb428afe1a6cc06e0722

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d4cdee734b00f05f03cf2c9b43a48fd

    SHA1

    e0bf458a7639fa96e58a55c8e8a65b2b5fb99e90

    SHA256

    647ec5f5adf1ba18bf2d5199a9965911ed1764e000ada961bcd88fcc2b4b3ed9

    SHA512

    1d5b60773ffcf20c2c7092810fd1a976b3cd698a9e211406b2f3956d050eb7b6e0ba974acc1c122a919ad90b9817294606ab6e1b61d04102d198bba1aa5e38c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e08178381486e257028a455d55387c93

    SHA1

    f7d93a49cddba5d4765cb5f8d103e192ca0c25d5

    SHA256

    d90db593087514f5fded18123f66d2170c95b0aca167d08c0f9af87f6544c63e

    SHA512

    5219df4f9cb507bc5583f1010c7b0047c3cbf65be84ca6cd6b9b2b32db4994ec282880e5bdd49eb2df9db3bbdc0987c37aad6a43e2346682394c0ba51c6bf7d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1dd6e15849f9bc7a0ac7ea1c54579bc

    SHA1

    141b384d77db9963d9da1c19c2e4f1f1d7373af0

    SHA256

    12056c819d13d71d16a8f0715f7d3289f031c83a775f2a12c953a602cff96d31

    SHA512

    7f85da88aa1a4f50ae00ebc485258e98fe6ef84fe2c0f6d8c33dfe2c13f5c19860f06bc392a0e3f737f5c0d587c55b5fa7d714854b2f18f31f9d392d35163847

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44b7dd335ba2a1a200c686d64f6460bd

    SHA1

    b9411d84a776d21c22427d7a76c3517675ec4a9e

    SHA256

    04fb99abd788132c16ee1a9c0f32cc350f7a6c520e7a35a42853015276eb3ce0

    SHA512

    a67452df6ac0a4349e640fa6f7e965222cb62daab0e1f05140f750eaddf9253c2b95b8660e370cfb70672da32f2409ae93ad1706538b03901209bcadc9fd0e0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c6562a7ab8cde6d9cc176273ff91d89

    SHA1

    7cf5e72b097de35fcbf56cd737a5dc6245a07ab3

    SHA256

    5f500c924624b4ca9b195c7f2d19aa6bb7b5e4c2a5f6f777628980ed575d2429

    SHA512

    d3c3e2429d049056b69dbd048cd96b91f35a39af743168afd3b395389809cd2adc04d91329e99dade771f2419a4a77a18942e8f7c4dac238acef0f5b46707715

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1f27f0b1decf865a74c5b18463ba814

    SHA1

    04a58b36a6ae9744f3f7e3030d31c401b557403a

    SHA256

    506dce22f9b385bbf962226c1e10a51218ccb87676b90302f20019edabcf7237

    SHA512

    1c98a3fe9a2ec622fbdc0bc1c218ce658067f8647508529f2823d6240bbf25a908cc455073f42a46e70a870906e323d5eda918e5b05bea27fd08163f4d3f00fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c6ee5492d6d5638c9b047ffa6cc05fa

    SHA1

    2dab7101a6f36f75bda15fcbe7fca215e1755285

    SHA256

    4364c04796e90526da305e079501f3fe22a039519f5c3d6c750e2afe86ce6b39

    SHA512

    c830c893ea7b94fbb0148d1c2decd63eace036fba599b7289a24661e6a04ae49e7fcf0acc55723458e5637ae0e31c6005af2caf864cc02ce14650276de322e87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5D8D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar61A5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2692-14-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2740-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-2-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-4-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-17-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-16-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-7-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-10-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download