| Field | Value |
|---|---|
| File name | njRAT-v0.8d-main.zip |
| Full analysis | https://app.any.run/tasks/f8961287-9624-4745-922b-52a1395cd77c |
| Verdict | Malicious activity |
| Analysis date | January 25, 2022, 01:54:34 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v1.0 to extract |
| MD5 | F24F04C85A6284CECDAFF4C06150DCB2 |
| SHA1 | 3C44F5A5F3AC36D5596B493568A8A7B178D373B3 |
| SHA256 | 2A3B7EC401837252DDCBA8253D7E4A4027061B53C0DC7ABD972CC5BACAF98438 |
| SSDEEP | 49152:JLEb2G7hYKfxG7GByoflLEb2G7hYKfx86pChJh4Q:LG73fxbdnG73fxJ2 |

| Extension | Detected type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Zip metadata | Value |
|---|---|
| ZipRequiredVersion | 10 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2020:11:13 22:44:08 |
| ZipCRC | 0x00000000 |
| ZipCompressedSize | - |
| ZipUncompressedSize | - |
| ZipFileName | njRAT-v0.8d-main/ |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3148 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\njRAT-v0.8d-main.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0 |
| 4080 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) |
| 3640 | "C:\Users\admin\Desktop\njRAT-v0.8d-main\njRAT v0.8d.exe" | C:\Users\admin\Desktop\njRAT-v0.8d-main\njRAT v0.8d.exe | — | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Description: (empty); Version: 1.0.0.0 |

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 3148 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\njRAT-v0.8d-main.zip |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 3148 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Plugin\PEPSI-CH.dll | executable | 1CB8FA647355805F2AE6A7E6BB71B138 | 89A1BBE42CDE01DDFE531D69DD6EA6575296096010400CB63CBF4999ECA52E52 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Plugin\pw.dll | executable | DB87DAF76C15F3808CEC149F639AA64F | A3E4BEE1B6944AA9266BD58DE3F534A4C1896DF621881A5252A0D355A6E67C70 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Stub.exe | executable | 9AC810F92B1ED48EA03396D74425BC2E | 296DE887D687F4C1146C57E9157C343F9F8DDCCFC79F8F5033F0A57D443E0AD7 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\GeoIP.manifest | prg | D6A5BA3494C5CFA8ADAABA2D5F138610 | 5FA0FD7178A5883A5A9C66DE58F01BCD66FB156A515E21E7CAE1E00EC4226360 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Plugin\PEPSI-F.dll | executable | 51C2EE936DED2E55F8BCC8CBA6E3B330 | F132324ACF09C0562A1CAD1288BFB4021BD991659126D21ECB9499938BF6ACB3 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Plugin\PEPSI-C.dll | executable | 0A1CA904B3D688C01F4E5FAAE811922B | B02C56D29447690CDAFD8F2F6877D526D1F6EFCAAE74017719C460D9B3EE38B8 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Plugin\PEPSI-S.dll | executable | 70AC2237257012E013331E749D42A70B | E728AFC5D081EAABE3297D0DDD8387D0DF0BBED0F73EE3B04C4588CB89EFEA51 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Stub.manifest | prg | D6A5BA3494C5CFA8ADAABA2D5F138610 | 5FA0FD7178A5883A5A9C66DE58F01BCD66FB156A515E21E7CAE1E00EC4226360 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\WinMM.Net.dll | executable | D4B80052C7B4093E10CE1F40CE74F707 | 59E2AC1B79840274BDFCEF412A10058654E42F4285D732D1487E65E60FFBFB46 |
| 3148 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3148.34335\njRAT-v0.8d-main\Mono.Cecil.dll | executable | 851EC9D84343FBD089520D420348A902 | CDADC26C09F869E21053EE1A0ACF3B2D11DF8EDD599FE9C377BD4D3CE1C9CDA9 |