Overview

overview

10

Static

static

10

3c7b097b31...0f.exe

windows7-x64

8

3c7b097b31...0f.exe

windows10-2004-x64

8

3c8a6c6cde...86.exe

windows7-x64

10

3c8a6c6cde...86.exe

windows10-2004-x64

10

3ca3e4676b...f1.exe

windows7-x64

10

3ca3e4676b...f1.exe

windows10-2004-x64

10

3cb47c4bbe...c1.exe

windows7-x64

10

3cb47c4bbe...c1.exe

windows10-2004-x64

10

3d18edb3bf...ff.exe

windows7-x64

1

3d18edb3bf...ff.exe

windows10-2004-x64

3d1ee6caf0...b4.exe

windows7-x64

10

3d1ee6caf0...b4.exe

windows10-2004-x64

10

3d2f05086d...0c.exe

windows7-x64

10

3d2f05086d...0c.exe

windows10-2004-x64

10

3d81f411b0...ba.exe

windows7-x64

10

3d81f411b0...ba.exe

windows10-2004-x64

10

3d90976d58...8c.exe

windows7-x64

10

3d90976d58...8c.exe

windows10-2004-x64

10

3d97ea72c5...9e.exe

windows7-x64

10

3d97ea72c5...9e.exe

windows10-2004-x64

10

3dd452b939...18.exe

windows7-x64

3

3dd452b939...18.exe

windows10-2004-x64

3

3dfc71cfc4...bd.exe

windows7-x64

10

3dfc71cfc4...bd.exe

windows10-2004-x64

10

3e435c9ff2...57.exe

windows7-x64

10

3e435c9ff2...57.exe

windows10-2004-x64

10

3e624f48a8...2b.exe

windows7-x64

1

3e624f48a8...2b.exe

windows10-2004-x64

4

3e8acfab95...cc.exe

windows7-x64

10

3e8acfab95...cc.exe

windows10-2004-x64

10

3e9a136b97...9d.exe

windows7-x64

10

3e9a136b97...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d2f05086d9da9564c7c7e945875e80c.exe

  • Size

    43KB

  • MD5

    3d2f05086d9da9564c7c7e945875e80c

  • SHA1

    2a691bccd730f0d1b20743f97ccde01ce625dee1

  • SHA256

    f7faff3064d94d1977899b814099e4276349b80c7896c26142080d540e54a7dc

  • SHA512

    05a876ed8e07d1750a4be4bd20904745fb96203e6bb05c9f861e91bb84ccc97cff0a463dd26e8bb8b5ba2128a98e82ee89433bcfed646b07f79d885c843e4ebf

  • SSDEEP

    384:vZyrUJ1Cj8syWcWrf7E5GiXeEXME5EAftz8Iij+ZsNO3PlpJKkkjh/TzF7pWnU/N:ReUJ04pWcWr7E5ZVMEzXuXQ/o13+L

Score
10/10
njrathackeddiscoverypersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

if-contest.gl.at.ply.gg:5461

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • Njrat family
    njrat
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d2f05086d9da9564c7c7e945875e80c.exe
    "C:\Users\Admin\AppData\Local\Temp\3d2f05086d9da9564c7c7e945875e80c.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:3984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3984-0-0x000000007469E000-0x000000007469F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3984-1-0x0000000000180000-0x0000000000192000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3984-2-0x0000000004B30000-0x0000000004BCC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3984-3-0x00000000053F0000-0x0000000005994000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3984-4-0x0000000074690000-0x0000000074E40000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3984-5-0x0000000004F50000-0x0000000004FE2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3984-7-0x0000000004F40000-0x0000000004F4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3984-8-0x000000007469E000-0x000000007469F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3984-9-0x0000000074690000-0x0000000074E40000-memory.dmp

    Filesize

    7.7MB

    Download