Analysis
max time kernel: 149s
max time network: 149s
platform: windows7_x64
resource: win7-20241010-en
submitted: 28/03/2025, 00:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Matagal.dll
Resource
win7-20241010-en
3 signatures
150 seconds
General
Target: Matagal.dll
Size: 625KB
MD5: 15eca92e34e9454a052ea59aaf20edcd
SHA1: e1ec347b66c41d7059fdee482dec81962771378d
SHA256: 7d5173f61beea484453765e6ad111a216c7da55740bf3170f24c181fd4d679c9
SHA512: 5862e0c0bfae274202b8d4ee964dcec8c04a195b0c967250b0d7e5dcfccc9dbab413fbc4b3665c30dc2012c58d715c406d7cb0c4f5f39356b2bd9c3cd29baa6d
SSDEEP: 12288:zUfWW8JqnJr6no4pzfu7+xdtJk3e5J0aPMMed:xLJqt6no4p2yt2cJrP
Malware Config
Signatures
Detect JanelaRAT payload (2 IoCs)
resource  yara_rule
behavioral1/memory/2860-2-0x000000001AD60000-0x000000001AE04000-memory.dmp  family_janelarat
behavioral1/memory/2860-3-0x0000000001BE0000-0x0000000001C84000-memory.dmp  family_janelarat
Janelarat family
Blocklisted process makes network request (1 IoCs)
flow  pid   Process
4     2860  rundll32.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
2860  rundll32.exe (the same pid/process pair is listed 64 times, once per IoC)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description                pid   Process
Token: SeDebugPrivilege    2860  rundll32.exe