Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
Resource
win10v2004-20241007-en
General
-
Target
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
-
Size
136KB
-
MD5
79500f7c4b6cf21732b6ef0414c2dfa7
-
SHA1
512a900a0b8bbddca9071fa91958fc2ed8e1e10c
-
SHA256
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9
-
SHA512
2098e52b357864b22e3f40b6d5e1bb0a830aa874eb0c6b8ad44aa04e318b810885d33806a2a67b915ed142d146fa0f702fe5c1d2eb495c34fb030b69e5481dcc
-
SSDEEP
1536:OWzOx6baIa9RIj00ljEwzGi1dD3DXgSAhA4OK4VVpuXQQdo3MU:OWLbaIa9ijNSi1dnQD9Rea3I
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
a673af9338ff8860401a647b33db3833
-
reg_key
a673af9338ff8860401a647b33db3833
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
Files
-
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ