njrat | hxxps://github[.]com/Viper4K/malware/archive/refs/heads/master[.]zip

Resubmissions

14-12-2024 14:50

241214-r7ls1svqdy 10

14-12-2024 14:44

241214-r4e63avpfv 10

14-12-2024 14:40

241214-r12kwswrhr 6

14-12-2024 14:37

241214-rzfl2awrfl 10

Analysis

max time kernel
0s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Viper4K/malware/archive/refs/heads/master.zip

Score

10^/10

njrat slaves discovery evasion trojan upx

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Slaves

hom135.ddns.net:100

Mutex

d4903fdacbb79e6cd1109a741a2bc821

Attributes

reg_key
d4903fdacbb79e6cd1109a741a2bc821
splitter
|'|'|

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3992	netsh.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000000073f-148.dat	upx
behavioral1/memory/2208-149-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/memory/2208-192-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/memory/3704-194-0x0000000000400000-0x0000000000452000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 1092	2472	msedge.exe	82
PID 2472 wrote to memory of 1092	2472	msedge.exe	82
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 3500	2472	msedge.exe	83
PID 2472 wrote to memory of 4452	2472	msedge.exe	84
PID 2472 wrote to memory of 4452	2472	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Viper4K/malware/archive/refs/heads/master.zip
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9255346f8,0x7ff925534708,0x7ff925534718
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8128445018619891917,18279761372573642575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3964

C:\Users\Admin\Downloads\malware-master\malware-master\NJRAT\njRAT 0.7d\NjRAT 0.7d.exe
"C:\Users\Admin\Downloads\malware-master\malware-master\NJRAT\njRAT 0.7d\NjRAT 0.7d.exe"
1⤵
PID:3408
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe
  2⤵
  PID:2208
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Roaming\server.exe
      "C:\Users\Admin\AppData\Roaming\server.exe"
      4⤵
      PID:3704
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Roaming\server.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Roaming\server.exe
        
        C:\Users\Admin\AppData\Roaming\server.exe
        5⤵
        
        PID:1824
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE
        6⤵
        Modifies Windows Firewall
        
        PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CSIDL_

Filesize
67KB

MD5
d65ba9b2e11f53293a12183eb9e6b1a1

SHA1
b61b3b8df3e90114b5b62532b0f5902fe5c46420

SHA256
196d391a4a946c759ca71ac0f22febd5da2a973e05cd6e64004a15f58cf8d3fe

SHA512
8bbd1c97e96e9acd49e939dee1df555929fde2d18de9004a1a78588feba3617ab5873a21cec658461b13e78596caa380750c4a38a2f9f53c5cba7e980d71aef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
d11edf9e08a127c768843acea41d0bc5

SHA1
ff1af9b39de4a3f547407fd9864ffdd2bb6c7354

SHA256
217e4d9d1412e45abf7a653f72a5ab8b53bc8fc6f377f52a042668a41abc7478

SHA512
92c3f0def567b0e2f2523ed25eb9d4abff06070b8be744fea4a6678f25f292439d7bc0c8015eaa6281b7f43149eebb3d3821cd6d6436598481113694b11ddea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d8aee42da8235f5f7fbf011dbbd409e

SHA1
e640a2b2d707f9b986f4c6b2a00821c3403e654b

SHA256
4792cef6f0795fa26fbb333205e03aff556faf18c1f588d9ae5e0689c0b17f14

SHA512
92b43995a87c84c09329075e8e9129294de817c9d3d2680c02f7563b9a6cd85850a47b7aeab81b6ad8c0b215a82954cd163b40e39101b5dd8448d39e99a642b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7574817bd89f656babe924aa577d5b32

SHA1
8a55eb9fe8f0915cec250ec013465c0dc7e2c093

SHA256
b5463a95cbe832379818d0758f46c04abd381495f2934cf515cd6c08d77b544b

SHA512
d0bd059299ab7742a4b1f5c0034fde59162c6e013dd4ec476a42ddf54409d90e32884401ec4c0dcc16457f25b820427c1c39bfed9fc5e563852947611d90b359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d3c647ff66ba3b43b495ba3ca66b4ad

SHA1
20024078f3609f7df11a312f0671143fa39f8cde

SHA256
54a8192c3ee15ace0f8b4885aa614b1f7da6b40618f2e7f74a2f3b024a5ece46

SHA512
87d4e2c089b026ccbcc2b3d5085763f7bf244319e96e2c640c5b1d97866272e9abc8f592f50bc50f43dbf880972ab455aba7e3a3e7e19c72b8176b51ed94fe53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4811753e808fb3afe0c762214f07ae93

SHA1
9347289cf2a0ceb93dd45ae023dd2faa295c0081

SHA256
989810de282e7de7f73ac863b47a5795b08724cd51754696428a6a28b87e709c

SHA512
f033c7075c378207bdfe4116772041c9afd0ef1ab24a620149dd4e88f2d9460306800d305599c183dd54f199ac4a733624794531c3d6601228890ceb7a17abe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe

Filesize
104KB

MD5
7bae06cbe364bb42b8c34fcfb90e3ebd

SHA1
79129af7efa46244da0676607242f0a6b7e12e78

SHA256
6ceaebd55b4a542ef64be1d6971fcfe802e67e2027366c52faacc8a8d325ec7a

SHA512
c599b72500a5c17cd5c4a81fcf220a95925aa0e5ad72aa92dd1a469fe6e3c23590c548a0be7ec2c4dbd737511a0a79c1c46436867cf7f0c4df21f8dcea9686cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe

Filesize
133KB

MD5
4618ec5961dbe5d5dc70f36867dfffb7

SHA1
c59105578dc2e4b8d72033609eb61947eda8289a

SHA256
fe84e674500a1d3efb18f8484f9a2bdb923aef33234dfaa0a22677de1f20ec91

SHA512
dfb450fc22303121ebe76134c5a5723cad4d7f488e637e7ffec393f2996327e344ce02ed892dbea822c08f669d90e6edea8b9c8389bab8a10f00f236365ad547

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs

Filesize
104B

MD5
f270dbc56895f26b56609904da0fe698

SHA1
dd910e454193dd1465cf62e7cc2498a2463a4fe5

SHA256
212f4bb100afad4b2c0dc9dc6a3f7f1245b553c1c3729a8d97860626f861fba2

SHA512
960e566d80478374002709a4e47239869eb560a5b076428584c2d5ba39ee80e90b912a64400f6d94c42dbfe65b9bca6360cb250fe7a77b7402c9def00e7e2145

Download Submit
memory/2208-149-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2208-192-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3704-194-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4260-158-0x0000000000400000-0x00000000008B0000-memory.dmp

Filesize
4.7MB

Download
memory/4260-177-0x0000000000400000-0x00000000008B0000-memory.dmp

Filesize
4.7MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads