aac5b302910be9b2c904f039129d3c42eb1e4b1539ef6de621669793a95c7e69

Analysis

max time kernel
22s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NjRat 0.7D Golden Edition - Rus.exe
Size

1.9MB
MD5

8d540934a359a0480de188a748b3d573
SHA1

556693330454d09e461b0cc16c2c8f69f7f3cd45
SHA256

c81d701c3a4d6b7bcaa40f9c92a1bcfdf2f829954cf1ca15556712fbdc792834
SHA512

d2214389578a2928cc51b7fb098dd8d1ed4677f97a3f6bb18ec5494a3247866c400af7fe5d1a326cd25faf6090139849d3ef0fbb43c62075e5a436c0599d47b9
SSDEEP

24576:S69t3fGD4IC7VS2s5G8xQ63UJzyS6P/qY7/:S6T3vs5txQ63OqP/P7

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5804	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5452	NjRat 0.7D Golden Edition - Rus.exe
5452	NjRat 0.7D Golden Edition - Rus.exe
5452	NjRat 0.7D Golden Edition - Rus.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5452	NjRat 0.7D Golden Edition - Rus.exe
5452	NjRat 0.7D Golden Edition - Rus.exe
5452	NjRat 0.7D Golden Edition - Rus.exe

C:\Users\Admin\AppData\Local\Temp\NjRat 0.7D Golden Edition - Rus.exe
"C:\Users\Admin\AppData\Local\Temp\NjRat 0.7D Golden Edition - Rus.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5452-0-0x00007FFE974D5000-0x00007FFE974D6000-memory.dmp

Filesize
4KB

Download
memory/5452-1-0x000000001C280000-0x000000001C326000-memory.dmp

Filesize
664KB

Download
memory/5452-2-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-3-0x000000001C880000-0x000000001CD4E000-memory.dmp

Filesize
4.8MB

Download
memory/5452-4-0x000000001CDF0000-0x000000001CE8C000-memory.dmp

Filesize
624KB

Download
memory/5452-5-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-6-0x0000000001C40000-0x0000000001C48000-memory.dmp

Filesize
32KB

Download
memory/5452-7-0x000000001CF00000-0x000000001CF4C000-memory.dmp

Filesize
304KB

Download
memory/5452-8-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-9-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-11-0x000000001D9A0000-0x000000001D9B2000-memory.dmp

Filesize
72KB

Download
memory/5452-10-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-12-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-13-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-14-0x00007FFE974D5000-0x00007FFE974D6000-memory.dmp

Filesize
4KB

Download
memory/5452-15-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-16-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-17-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-18-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-19-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-20-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-21-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download
memory/5452-22-0x00007FFE97220000-0x00007FFE97BC1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads