URL:

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Full analysis: https://app.any.run/tasks/1b33fb52-523f-4c16-81fa-62be6b4648e8
Verdict: Malicious activity
Threats:

njRAT is a remote access trojan. It is one of the most widely available RATs, with an abundance of educational material around it; would-be attackers can even find tutorials on YouTube. This has made it one of the most popular RATs in the world.

Analysis date: January 03, 2024, 20:41:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
njrat
Indicators:
MD5:

2AEB63CBCF2AE38A378D3105DA24327A

SHA1:

2C8A8C4C22A0CF8A46B19EB4B99B58D9968D33C8

SHA256:

C98B31950626FC0586044905098044500AD0FED62405FB4BE25FE1604A7D9CDC

SSDEEP:

3:N8tEd42IKf+V10nRLLC:2ue2IDVenR/C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • NJRAT has been detected (YARA)

      • New Client.exe (PID: 292)
    • Starts CMD.EXE for self-deletion

      • New Client.exe (PID: 292)
  • SUSPICIOUS

    • Reads the Internet Settings

      • NjRat Platinum Edition.exe (PID: 240)
    • Starts CMD.EXE for commands execution

      • New Client.exe (PID: 292)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 116)
      • chrome.exe (PID: 1636)
    • Manual execution by a user

      • chrome.exe (PID: 1636)
      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3264)
      • chrome.exe (PID: 3628)
      • WinRAR.exe (PID: 1976)
      • ilasm.exe (PID: 3744)
      • NjRat Platinum Edition.exe (PID: 240)
    • The process uses the downloaded file

      • chrome.exe (PID: 4052)
      • WinRAR.exe (PID: 1976)
    • Checks supported languages

      • NjRat Platinum Edition.exe (PID: 240)
      • ilasm.exe (PID: 3744)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)
    • Reads the computer name

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)
    • Reads Environment values

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 292)
    • Creates files in a temporary directory

      • NjRat Platinum Edition.exe (PID: 240)
    • Reads the machine GUID from the registry

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report

NjRat

(PID) Process: (292) New Client.exe
C2: 127.0.0.1
Ports: 6522
Botnet: HacKed
Options
Auto-run registry key: Software\Microsoft\Windows\CurrentVersion\Run\Client.exe
Splitter: |Ghost|
Version: null

The C2 is the loopback address, so this stub was built to connect back to a server on the same host (the builder's default) rather than to an attacker-controlled server. That matches the network section below, where only browser and OS traffic appears and the threat count is 0. The Run value name (Client.exe) and the non-default splitter (|Ghost|) are the build-specific values to look for on a host and on the wire.
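The extracted configuration (loopback C2 on port 6522, splitter |Ghost|, Run value Client.exe) is what a detection engineer needs to recognise this build in traffic. The Python below is an added example, not code from the analysed sample, the repository or ANY.RUN: it cuts njRAT's length-prefixed frames out of a TCP segment and splits each payload on the configured splitter. The framing ("<decimal length>\x00<payload>") and the "ll" registration command word are taken from the njRAT 0.7d client; the order of the fields after the command word, the sample hardware id and the sample frames are constructed for the example and are assumptions.

```python
"""Parse njRAT-style framed C2 messages and recognise the splitter from the
extracted config. Framing follows the njRAT 0.7d client: every message is
"<decimal length>\x00<payload>", several frames may share one TCP segment, and
payload fields are joined with the configured splitter, the first field being
the command word ("ll" = registration). Field order after the command word is
an assumption; the sample frames below are constructed, not captured traffic.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

SPLITTER = "|Ghost|"        # Splitter from the sandbox's extracted config
DEFAULT_SPLITTER = "|'|'|"  # njRAT's stock splitter, kept for comparison
C2_PORT = 6522              # Ports from the extracted config

_FRAME_HDR = re.compile(rb"(\d+)\x00")   # "<len>\x00", matched at the frame start


@dataclass(frozen=True)
class Frame:
    command: str
    fields: List[str]
    splitter: Optional[str]   # which splitter matched, None if neither did


def split_frames(data: bytes) -> List[bytes]:
    """Cut a buffer of concatenated '<len>\\x00<payload>' frames into payloads.
    Stops silently at a header that does not parse or a frame that runs past
    the end of the buffer, which is how a reassembler treats a partial segment.
    """
    payloads: List[bytes] = []
    pos = 0
    while pos < len(data):
        m = _FRAME_HDR.match(data, pos)
        if m is None:
            break
        start = m.end()
        end = start + int(m.group(1))
        if end > len(data):
            break  # truncated frame, wait for more data
        payloads.append(data[start:end])
        pos = end
    return payloads


def parse_payload(payload: bytes,
                  splitters: Sequence[str] = (SPLITTER, DEFAULT_SPLITTER)) -> Frame:
    """Split a payload on the first known splitter found in it."""
    text = payload.decode("utf-8", errors="replace")
    for sp in splitters:
        if sp in text:
            parts = text.split(sp)
            return Frame(parts[0], parts[1:], sp)
    return Frame(text, [], None)


def decode_b64_field(value: str) -> str:
    """njRAT base64-encodes some registration fields (the hardware id among
    them); return the decoded text, or the input unchanged if not base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return value


def is_registration(frame: Frame) -> bool:
    """A frame using a known splitter whose command word is 'll'."""
    return frame.splitter is not None and frame.command == "ll"


def build_frame(payload: str) -> bytes:
    """Inverse of split_frames, used here only to construct sample traffic."""
    raw = payload.encode("utf-8")
    return str(len(raw)).encode("ascii") + b"\x00" + raw


# Constructed sample segment: a registration frame followed by a keepalive.
# Assumed field order after "ll": hwid (base64), hostname, user, OS, version.
SAMPLE_HWID = "A1B2C3D4_victim"
SAMPLE_SEGMENT = build_frame(SPLITTER.join([
    "ll",
    base64.b64encode(SAMPLE_HWID.encode()).decode(),
    "WIN7-PC", "admin", "Win 7 Professional SP1", "0.7d",
])) + build_frame("p")


def summarize(segment: bytes) -> List[str]:
    """One line per frame, e.g. for a detection log."""
    lines = []
    for frame in map(parse_payload, split_frames(segment)):
        tag = "njRAT registration" if is_registration(frame) else "frame"
        lines.append(f"{tag}: cmd={frame.command!r} splitter={frame.splitter!r} "
                     f"fields={len(frame.fields)}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_SEGMENT):
        print(line)
```

Point `summarize` at the payload of a TCP stream to port 6522 (or any port, since the port is just a build setting) and a hit on the |Ghost| splitter ties the traffic to this exact build; a hit on the stock splitter catches default builds as well.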
All screenshots are available in the full report
Total processes
83
Monitored processes
38
Malicious processes
1
Suspicious processes
0

Behavior graph

Processes in the graph, in launch order (entries marked "no specs" had no process specs recorded): iexplore.exe, iexplore.exe, chrome.exe and its renderer/utility/GPU children (many instances), winrar.exe, chrome.exe, njrat platinum edition.exe, chrome.exe (several), ilasm.exe, new client.exe (#NJRAT), chrome.exe, new client.exe, chrome.exe, cmd.exe, ping.exe, chrome.exe, chrome.exe

Process information

Fields per entry: PID, CMD, Path, Indicators, Parent process

PID: 116
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 240
CMD: "C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe"
Path: C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225547
Version:
0.7.0.6
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\njrat platinum edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 292
CMD: "C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe"
Path: C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\new client.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
NjRat
(PID) Process: (292) New Client.exe
C2: 127.0.0.1
Ports: 6522
Botnet: HacKed
Options
Auto-run registry key: Software\Microsoft\Windows\CurrentVersion\Run\Client.exe
Splitter: |Ghost|
Version: null
PID: 784
CMD: ping 0 -n 2
Path: C:\Windows\System32\PING.EXE
Parent process: cmd.exe
(A ping of 0 with -n 2 is used as a short delay; it is the sleep in the self-delete command line that the "Starts CMD.EXE for self-deleting" signature on New Client.exe refers to.)
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
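The ping process above is the tail of the self-delete chain the sandbox flagged on New Client.exe (PID 292): the implant launches cmd.exe, which uses ping as a delay before deleting the original file. The Python below is an added example, not ANY.RUN's signature logic and not code from the sample, that flags this chain in Sysmon-style process-creation records. The records are constructed for the example; they reuse PIDs 292 and 784 from the report, but the cmd.exe command line (which the report does not show) and all other events are assumed.

```python
"""Flag the njRAT self-delete chain: implant -> cmd.exe -> ping (as a sleep),
with cmd.exe deleting the implant's own file. Records are Sysmon-like
process-creation events constructed for this example; PIDs 292 and 784 are
reused from the report, everything else (in particular the cmd.exe command
line, which the report does not show) is assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

_LOOPBACK = {"0", "127.0.0.1", "localhost"}   # ping targets that mean "sleep"
_DELETE = re.compile(r"(?i)\b(?:del|erase)\b")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the executable
    cmdline: str   # command line as logged


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_ping_sleep(cmdline: str) -> bool:
    """True for `ping 0 -n 2`-style calls: ping against loopback with a count,
    which is a delay, not a connectivity check."""
    toks = [t.strip('"').lower() for t in cmdline.split()]
    if not toks or _basename(toks[0]) not in ("ping", "ping.exe"):
        return False
    return "-n" in toks and any(t in _LOOPBACK for t in toks[1:])


def _user_writable(image: str) -> bool:
    p = image.lower()
    return any(s in p for s in ("\\users\\", "\\programdata\\", "\\temp\\"))


def find_self_delete(events: List[ProcEvent]) -> List[Tuple[str, ProcEvent]]:
    """Return (confidence, ping_event) pairs.
    'high'   : ping sleep spawned by cmd.exe whose command line deletes the
               file of cmd.exe's own parent (the classic self-delete).
    'medium' : only the chain <exe in a user-writable path> -> cmd.exe -> ping
               sleep is visible, which is all the sandbox process list shows.
    """
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    hits: List[Tuple[str, ProcEvent]] = []
    for e in events:
        if _basename(e.image) != "ping.exe" or not is_ping_sleep(e.cmdline):
            continue
        cmd = by_pid.get(e.ppid)
        if cmd is None or _basename(cmd.image) != "cmd.exe":
            continue
        origin = by_pid.get(cmd.ppid)
        if origin is None:
            continue
        cmd_lower = cmd.cmdline.lower()
        if _DELETE.search(cmd_lower) and _basename(origin.image) in cmd_lower:
            hits.append(("high", e))
        elif _user_writable(origin.image):
            hits.append(("medium", e))
    return hits


# Constructed events (not exported from the task).
SAMPLE_EVENTS = [
    ProcEvent(292, 1400, r"C:\Users\admin\Desktop\New Client.exe",
              r'"C:\Users\admin\Desktop\New Client.exe"'),
    ProcEvent(700, 292, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c ping 0 -n 2 & del "C:\Users\admin\Desktop\New Client.exe"'),
    ProcEvent(784, 700, r"C:\Windows\System32\PING.EXE", "ping 0 -n 2"),
    # benign: an operator pinging a host from an interactive shell
    ProcEvent(900, 1400, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(901, 900, r"C:\Windows\System32\PING.EXE", "ping -n 4 10.0.0.5"),
    # chain visible but cmd.exe's command line not captured
    ProcEvent(1000, 1400, r"C:\Users\admin\AppData\Local\Temp\svc.exe", "svc.exe"),
    ProcEvent(1001, 1000, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(1002, 1001, r"C:\Windows\System32\PING.EXE", "ping 127.0.0.1 -n 3"),
]


if __name__ == "__main__":
    for confidence, ping in find_self_delete(SAMPLE_EVENTS):
        print(f"{confidence}: pid {ping.pid} {ping.cmdline!r} (parent pid {ping.ppid})")
```

The two confidence levels matter in practice: the sandbox shows only the process chain, not the cmd.exe command line, so a rule that requires seeing `del` would miss exactly what this report shows, while a rule that fires on every `ping -n` from cmd.exe would page on ordinary administration.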
PID: 1000
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1036
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1264
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3616 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1344
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4164 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1636
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1820
CMD: "C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe"
Path: C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\new client.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
21 886
Read events
21 654
Write events
225
Delete events
7

Modification events

(PID) Process | Operation | Key | Name = Value
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration = 0
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime = 30847387
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime = 30847437
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix = Cookie:
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix = Visited:
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags = 0
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 1
(116) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 0
Executable files
21
Suspicious files
561
Text files
154
Unknown types
0

Dropped files

PID | Process | Filename | Type
2032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HSW3ANKI.txt | text
  MD5: C0A36482DF3AD46795DEF700C1747CB2
  SHA256: 24F048DAE58FCFDE0588D2E3FFEDA6526CFD8290DD0E3550C8B08A13F207A307
2032 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
  MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
  SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2032 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | binary
  MD5: 04045ABEC5D1E79C230C79B7D552CF67
  SHA256: 60AE237DDC714400583F51CFE9C5C869F48B094EC6FB9D9BFD676781DE14B7C8
2032 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: E99DBE1F2B6AB6FB8B1E48D8DD7066A2
  SHA256: B913B2652D97EC631F9F89FE4F66FF36EEE9DA0A5658F1DB270AE16240B91BC1
2032 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | binary
  MD5: 537E4CB4CD15A6E86C08428921B56294
  SHA256: 253855A5CA239D8F2B169AD882297F826618337BB53FD88F9CDF05EA4B26E382
2032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\dark-56010aa53a8f[1].css | text
  MD5: 7110FBC4050DE42CAE72D8A68F513BE9
  SHA256: 75564BC9CEA3F9A261DA3423633C1E235CFF36AD4656C0053136567FC512716C
2032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQDHICYI.txt | text
  MD5: EB2F5931C8B94BBD790978EF7651D3A8
  SHA256: 8B6731FC6D32DFF090986E71620C73ABF6B96439C141E9F66DB12F6124BD6705
2032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\light-38f1bf52eeeb[1].css | text
  MD5: A42BEC9F78A4A06DB5216358416DD0CC
  SHA256: 30A7DB90B8A00A79548E168113FFA6DE2F8A6D1A30A4242D2570C02F43A4BF67
2032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\njRAT-Platinum-Edition-RuS[1].htm | html
  MD5: 8004F8D58B73AB345E53459D3650F832
  SHA256: AC8130587C65DE570E9737CC2CB138E822B57749B57C76A8EFC328573A4D851B
2032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\primer-fb122a21966c[1].css | text
  MD5: 618A30D19020994B886A4F09623C05DC
  SHA256: 0152A2E2521A692E255752D631F540562BC400F223D5FCC20A6FF20F1A5F8D61
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
49
TCP/UDP connections
77
DNS requests
83
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2032 | iexplore.exe | GET | 200 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f6bf34dbb61e71d7 | unknown | compressed | 4.66 Kb | unknown
2032 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAzQqL7GMs%2FmReygqbCE%2Bxw%3D | unknown | binary | 312 b | unknown
2032 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | binary | 471 b | unknown
116 | iexplore.exe | GET | 304 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?67308e0939100114 | unknown | - | - | unknown
2032 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | binary | 471 b | unknown
116 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 313 b | unknown
116 | iexplore.exe | GET | 304 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?111b88f027149bc7 | unknown | - | - | unknown
116 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
116 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | binary | 471 b | unknown
856 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acf5iuk6pnjlc6lnxtqm5ki6eoqq_112.300.200/gkmgaooipdjhmangpemjhigmamcehddo_112.300.200_win_aclnpjhtsv44pze3qmxsxb7fq66q.crx3 | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2032 | iexplore.exe | 140.82.121.3:443 | github.com | GITHUB | US | unknown
2032 | iexplore.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
2032 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2032 | iexplore.exe | 185.199.108.154:443 | github.githubassets.com | FASTLY | US | unknown
2032 | iexplore.exe | 185.199.108.133:443 | avatars.githubusercontent.com | FASTLY | US | unknown
116 | iexplore.exe | 185.199.108.154:443 | github.githubassets.com | FASTLY | US | unknown
116 | iexplore.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
116 | iexplore.exe | 2.20.142.154:443 | www.bing.com | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
github.com
  • 140.82.121.3
shared
ctldl.windowsupdate.com
  • 2.19.126.137
  • 2.19.126.163
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
github.githubassets.com
  • 185.199.108.154
  • 185.199.111.154
  • 185.199.109.154
  • 185.199.110.154
whitelisted
avatars.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
whitelisted
github-cloud.s3.amazonaws.com
  • 54.231.140.137
  • 52.216.50.161
  • 16.182.67.161
  • 52.216.249.12
  • 52.217.12.228
  • 52.217.131.169
  • 52.216.133.131
  • 52.217.202.185
  • 52.217.200.65
  • 16.182.96.129
  • 54.231.171.81
  • 3.5.29.37
  • 3.5.29.192
  • 16.182.107.249
  • 54.231.233.145
  • 52.216.54.33
  • 3.5.25.117
  • 52.217.164.41
  • 3.5.1.110
  • 54.231.135.97
  • 52.216.205.3
  • 52.216.106.172
  • 52.216.186.227
  • 52.216.9.19
shared
user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
whitelisted
private-user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.109.133
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.20.142.154
  • 92.122.215.57
  • 92.122.215.95
  • 92.122.215.53
  • 2.20.142.180
  • 2.20.142.3
  • 2.20.142.155
  • 2.20.142.187
whitelisted

Threats

No threats detected