a2030815225eff8c32ffae0fcb785cd1761d093d205e7ff9d9f8a0c96f89c871

Analysis

max time kernel
98s
max time network
140s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-01-2025 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NjRat Red Edition/Plugin/sc2.dll
Size

46KB
MD5

2d65bc3bff4a5d31b59f5bdf6e6311d7
SHA1

43962fbeb93fc267fb1c7036a12b8c5d6f40c28a
SHA256

010b1ec566be774a2d12146f9826aa31fd7eb6ffe7b45ce5e572b2d8c7f815c3
SHA512

b210d447cc9b4b89402a2a1d3d5e9cfe13ae897c47094be4110ed3aac109152c8a45ec138f73b703e7d3799934234cba4ca3f2439b3dd193a4cec671b9edaa6a
SSDEEP

768:mtAX1G0UYRxIDbYDGN5/eoK79QlRfe2AfgFTMBku2T:mtAFZUYA/uW2x9CJe2BFQB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1288	1996	rundll32.exe	83
PID 1996 wrote to memory of 1288	1996	rundll32.exe	83
PID 1996 wrote to memory of 1288	1996	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\NjRat Red Edition\Plugin\sc2.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\NjRat Red Edition\Plugin\sc2.dll",#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads