Overview

overview

10

Static

static

10

NjRat.0.7D-main.zip

windows11-21h2-x64

1

Analysis

  • max time kernel
    87s
  • max time network
    190s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    30/03/2025, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NjRat.0.7D-main.zip

  • Size

    48.8MB

  • MD5

    80d3d5163cafe75e0f2d1666a4c65414

  • SHA1

    b94d1e8abcf337c888f403e4e7563c896fa7d51c

  • SHA256

    d96bb6e66aef5a2901a0bfb80df3382d79cdcf60c9916badf27b456244bc6929

  • SHA512

    d606abeacdb158dfdfabd89d7e3c12800704faa499821d01494899d5c36d93d2cc540d8747633535e148abffba4ac8c1fb3016fc03535c3d75cf74edd34daae3

  • SSDEEP

    1572864:u5rfgndUOnIfRGjDT159RHXDZ8411rbYfkI:u5rf0mOnGRaThBZ84frUsI

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 24 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NjRat.0.7D-main.zip
    1⤵
      PID:2104
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5068
    • C:\Windows\system32\BackgroundTransferHost.exe
      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
      1⤵
      • Modifies registry class
      PID:2012
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1984 -prefsLen 27097 -prefMapHandle 1988 -prefMapSize 270279 -ipcHandle 2064 -initialChannelId {9046475d-a42b-4ecf-9bc6-56a39df96e22} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
          3⤵
            PID:696
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2432 -prefsLen 27133 -prefMapHandle 2436 -prefMapSize 270279 -ipcHandle 2444 -initialChannelId {9b77b904-ebc6-4f14-9ee0-5bfbd409b69b} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
            3⤵
            • Checks processor information in registry
            PID:1156
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3676 -prefsLen 27323 -prefMapHandle 3680 -prefMapSize 270279 -jsInitHandle 3684 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3692 -initialChannelId {db90b87b-76d9-4e11-8424-7af1244514bf} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
            3⤵
            • Checks processor information in registry
            PID:3796
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3840 -prefsLen 27323 -prefMapHandle 3844 -prefMapSize 270279 -ipcHandle 3920 -initialChannelId {6d881301-9a24-46aa-89dd-0cd5f373b7df} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
            3⤵
              PID:3964
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4464 -prefsLen 34822 -prefMapHandle 4468 -prefMapSize 270279 -jsInitHandle 4472 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1684 -initialChannelId {5581a7b9-a01f-4e9f-889e-b8962ed37c27} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
              3⤵
              • Checks processor information in registry
              PID:3932
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4960 -prefsLen 34929 -prefMapHandle 4964 -prefMapSize 270279 -ipcHandle 4632 -initialChannelId {39d69ee0-565e-4a63-a669-907abbf60247} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
              3⤵
              • Checks processor information in registry
              PID:5956
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4888 -prefsLen 32952 -prefMapHandle 5436 -prefMapSize 270279 -jsInitHandle 5424 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5444 -initialChannelId {782fc994-3fb5-4eaa-b716-a058d38fdd31} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
              3⤵
              • Checks processor information in registry
              PID:1004
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5612 -prefsLen 32952 -prefMapHandle 5616 -prefMapSize 270279 -jsInitHandle 5620 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5628 -initialChannelId {6f845ddd-8313-4930-8c52-cf0b4a143130} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
              3⤵
              • Checks processor information in registry
              PID:848
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5804 -prefsLen 32952 -prefMapHandle 5808 -prefMapSize 270279 -jsInitHandle 5812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5820 -initialChannelId {ee29a42c-306e-4be9-90ff-ab6dd04c91e3} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
              3⤵
              • Checks processor information in registry
              PID:5644
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5444 -prefsLen 33071 -prefMapHandle 6196 -prefMapSize 270279 -jsInitHandle 6188 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1424 -initialChannelId {0ab7ef00-d87a-441f-8dbd-fa0d7b22d8b4} -parentPid 928 -crashReporter "\\.\pipe\gecko-crash-server-pipe.928" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
              3⤵
              • Checks processor information in registry
              PID:6124

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zr0euw58.default-release\activity-stream.discovery_stream.json.tmp
          Filesize

          24KB

          MD5

          85ddefd19ee2bb09e87fe31b29ab8ae0

          SHA1

          080857a6a7754208e8957943cdfc8b7603b34580

          SHA256

          8316531fb1a25c5b27fac48c60064d30a6320fdee0d5be6059768a5b52e6a9f7

          SHA512

          47885eeee3ebc7d74e42de68fecedb4e6826bcc2ada9b1c0818025b850ce7aff7f231258373c01d87b56b72c0a296ed0b70f40f0d600a7291b3e18eefb383766

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\68aa190f-4532-4cb5-9f38-338f5b4fdd91.down_data
          Filesize

          555KB

          MD5

          5683c0028832cae4ef93ca39c8ac5029

          SHA1

          248755e4e1db552e0b6f8651b04ca6d1b31a86fb

          SHA256

          855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

          SHA512

          aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
          Filesize

          23KB

          MD5

          4d3c3d9ad00895d9426cf59dec06a7b4

          SHA1

          4bb8d8be9b20d53fac4ea12fa0bf446b6270debb

          SHA256

          07e2476928c94105eec0ec8b10925e0f26b7eea9bd5d65d0ff960d1022d85281

          SHA512

          0ad7c544c1c4b2d9d9169a8b60ab32b44d5cb43488a5f2486108480f6f17b2c5e7dc00cb75e14cbf148c138876552ec57b401ff16e755bdd92bb8b77c715bec2

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
          Filesize

          23KB

          MD5

          f89a0dd4ee4929eb62b12c3abed24775

          SHA1

          1eea9d8c1aa2d753ba7fd3fdbf06cd2df3e69ae6

          SHA256

          3163a399cd9c4930c1440dd87c314a2644c10b772a0172035c61da7570337f67

          SHA512

          2f130544997993d5269246a5f443649aaebc0ecdf727e469a394255858b265bcec6368caeed64f3b1355046f3e1fa996013c558c4c2f732d953317604ead7fc3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\AlternateServices.bin
          Filesize

          6KB

          MD5

          342af31b6875d20476d5218dc295a83e

          SHA1

          df480277aded7a67c09e2cb8905273c44f6e2c1f

          SHA256

          fe8ac8496fd76ef82a4cd91e56d792687e34b4ca35c91baaed0e2e2ccde5d9cb

          SHA512

          39b7a56ffd782eb9bdeeda571dcd4e04b76567cf94737f451e975116c3fa8032db5a4bdaac11b928f3244f1734cf6d83f4b30aeadd0f2c0ff7e604144bd456da

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\db\data.safe.tmp
          Filesize

          7KB

          MD5

          d1a30cbfa1986d2b607ce99d942b631d

          SHA1

          b82dd14fe63488cbc6fbb119cb992c1e2d9355bb

          SHA256

          3a5c5e6a5c18ab4fba9a6798ea77827b6fdc988aff067eb57123592d667b0f08

          SHA512

          33157229b4f49e1d8fdc632e9900356d64b264341b16d05b67b2f6e70803f6bcca004f3481fde442ce13fa10f92f81063dd52c4fb333526c3841d14eace13b8d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\db\data.safe.tmp
          Filesize

          6KB

          MD5

          facc83c118f8dc09c4a5cf3e86923c42

          SHA1

          6b1277ec5ebe0803a4ab12ab4635180d20bc563b

          SHA256

          4c5adf08f23068bdca1a1f3796efb7178e55ba3d76384ca093349ebfb80b93cd

          SHA512

          8ab350621061090bbf7503167ecb14452355d2ac5653c4b11b416d16b0fa19ee9167fe5f6f4d507d7ddc9aff533d58687474088481d886bf180c3018bfe632a7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\events\events
          Filesize

          1KB

          MD5

          a895c60325b90ce93dcc29b424f1cbad

          SHA1

          46a180aeaf47674a308c19926d469ffd574de100

          SHA256

          d4dc5928bc614ccb5af56e810efbcb094cfa566efe953c99c24c39537e22621a

          SHA512

          bca97fa7e64c9352cf08f9b4af3de3906660fbb9f8566f129733769b7432aa05bf7c3caf335471d3a935d54d3bb1b0205c9c9c9ff5af5ac1deae5fa0046f3477

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\08b012b5-cb64-4c47-b326-8a70a95782a2
          Filesize

          16KB

          MD5

          a4fd4d3429e80379bd7d9c1c60c84869

          SHA1

          1bf725094a78d7706fa322da1efd971130372267

          SHA256

          efa41244d3bd35bfd45f935d9f5cc4bf3ecd4bedcebacf0e9e04fd0badbb0ad6

          SHA512

          99e1f5617320215e19c9689a06bfcff597f51f4c33430aa559ddeb607a70333034d1b7aa2bae370aab232c329b8819b45776f56ee14b990c4d320996a7f4e741

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\223e6430-d122-4ebc-b298-2f4a5d20b51e
          Filesize

          886B

          MD5

          7a94e958f4de73ac5e356b40f515cae0

          SHA1

          cbae6ea5c8276ade0190504531fcc1cbb169f1f0

          SHA256

          35d2f32ab5c43ebff2afac1d7fe47066da199f6752aeffd512b8f9af71d834a1

          SHA512

          653d0f27f7b8a016b601232752d814966abc403947791ca0c172d04ab1a4fe37f4a39f93776336a079efc6643918557ae3574532cafd617b8b608448d7a9c34b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\2c8a3140-9242-48c3-9924-ab067c96e8ef
          Filesize

          883B

          MD5

          0cc2cb8272dcab66e6891bd880cb3d9f

          SHA1

          7fccc90181e6c4cb59fe6a6245f85c9e18259b84

          SHA256

          50702b471996fedd957388351b051c8c7953a6e8b7c6a1a172292b2a45881ad7

          SHA512

          13ad91515cebd496bc97fbba38c3a702249e5bbcddb0f1d640519435e2991341267a5ab4f8bcf8acb310525ba350af9c7c3e2a3f5682b4e0e7a1ba828b5e00de

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\441864a4-c1b4-4b1b-be75-ae4da3ed1b28
          Filesize

          235B

          MD5

          6d61bf0decea61925176fe564e80426f

          SHA1

          49aa573a53e7ca357f679ccfaa8cceafcba1358f

          SHA256

          4faf80244024f8ff28f54b30ee654a53da9fda6421031a933bef70bf7733aacf

          SHA512

          51b8f89f906b5bbee678daea8e4493cf182b662ab8e071b03d86314982eb38a5a780c4134fffa11e13a79d1e9c34fad8b88770082dfed73a35a6c05b7cbadd82

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\667df7c9-47be-405d-9e1f-8b3d698b232e
          Filesize

          2KB

          MD5

          c24424efcdb8296565723906dd3b22b1

          SHA1

          d229373cbc4889b3038460065377865b74e711ae

          SHA256

          7c18e986e3a92339fe702ffed63833740a6ced4ee8f0ae5c3d51aa65a6216dbe

          SHA512

          7f0640403d2f794912aa2d47abbe418f068832432e642c6e5077a37e278e7504eed62dee1af4f62eda65bffe929ba16f24b4864fcd0eee57440151c1cfb79118

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\datareporting\glean\pending_pings\ae46a7f6-03ef-4a79-9e8b-8a2a4d0dc297
          Filesize

          235B

          MD5

          de3ae1a4039c1696cbcbd671592b84cf

          SHA1

          fcfca863b7886195da17d9e49fae477289d9e9e8

          SHA256

          e707874cff9d213736c582ee8e4b6bad3887618fc7dd802e29a9bcc0127de512

          SHA512

          1b6f636677b3480234fead53beba760a9dabe538aacc50d3387df169c2d62423b24f6dfa98b4245acd123ae8131c5ce8c6767667bfbd125e04d662738106b43d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\prefs-1.js
          Filesize

          6KB

          MD5

          5f81722e18a3161785c187a61a81410d

          SHA1

          4bd42cb45641e0fc280e9a2548cb215c56675caa

          SHA256

          e3bc7a02db030262cd0cf83f4e44ce3936adb680b8be194bc23c7b285e1c1989

          SHA512

          f08471595bc9a37bfbf8662de10e2d0a4e4bde369ba216b45afa57be6e9a0f19b930a9a237bed7ffebad8407e3d3e0c2afac88b15e11ce380fb6f1f98874f78d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\prefs-1.js
          Filesize

          6KB

          MD5

          28c6296cdbe9838f54e6a1de2fd59ee9

          SHA1

          ea1d76bc040705ce2636341378bb2dfd6bf6dbba

          SHA256

          1726477b0934cc1980c81b0fd9e1e0354c417c983c41d41c0967faaf18b7e8aa

          SHA512

          d310349373a1ec1f48cc7b8cdcd1693cde9516ce7ef5f64d39a2c3f1b30efd77dc01a12a186b99b8962bd3b99f2137ab11e3bee8d622ea455264923ae8475c52

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\prefs.js
          Filesize

          6KB

          MD5

          f45b48af346231673a8996cc7081ec03

          SHA1

          e6d36a2a96e4dcc3da547f075c2897075615448e

          SHA256

          b98faf23454ddbe7b853cb9bfd152b1029aa5e1b49a2de7f56df60d0d437fe37

          SHA512

          27408964ad031e7b91b653715df1a9153973c0d6497264cc8cb4ef3f6946e4dd8a263a7245ef4e8ec18cf425d4c594fa8973639e5bd8b260c1c67f4e1bcab1f3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zr0euw58.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
          Filesize

          1.8MB

          MD5

          661301bc1db1235740d18c82490c5e41

          SHA1

          36a997cc48d8c13294adc0369c8bf3ed36ffebb7

          SHA256

          e1acc44f79f6011bd93690b779ab3ccaa4e97fa075a5f28964a6600c6c748054

          SHA512

          eb2649fd85fa962745f21f4b4dafccb8683924d3782969ce2754f148ba882a3c195599c6e5e5d84d3a3aaaa1f63155cf81995dd7a726837d29e9f33630a0dda2

          Download Submit