URL:

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Full analysis: https://app.any.run/tasks/1b33fb52-523f-4c16-81fa-62be6b4648e8
Verdict: Malicious activity
Threats:

njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world.

Malware Trends Tracker     >>>
Analysis date: January 03, 2024, 20:41:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
njrat
Indicators:
MD5:

2AEB63CBCF2AE38A378D3105DA24327A

SHA1:

2C8A8C4C22A0CF8A46B19EB4B99B58D9968D33C8

SHA256:

C98B31950626FC0586044905098044500AD0FED62405FB4BE25FE1604A7D9CDC

SSDEEP:

3:N8tEd42IKf+V10nRLLC:2ue2IDVenR/C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts CMD.EXE for self-deleting

      • New Client.exe (PID: 292)

    • NJRAT has been detected (YARA)

      • New Client.exe (PID: 292)

  • SUSPICIOUS

    • Reads the Internet Settings

      • NjRat Platinum Edition.exe (PID: 240)

    • Starts CMD.EXE for commands execution

      • New Client.exe (PID: 292)

  • INFO

    • The process uses the downloaded file

      • chrome.exe (PID: 4052)
      • WinRAR.exe (PID: 1976)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3264)
      • WinRAR.exe (PID: 1976)
      • chrome.exe (PID: 3628)
      • ilasm.exe (PID: 3744)
      • NjRat Platinum Edition.exe (PID: 240)

    • Manual execution by a user

      • chrome.exe (PID: 1636)
      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 292)
      • New Client.exe (PID: 1820)

    • Application launched itself

      • iexplore.exe (PID: 116)
      • chrome.exe (PID: 1636)

    • Checks supported languages

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 292)
      • ilasm.exe (PID: 3744)
      • New Client.exe (PID: 1820)

    • Reads the machine GUID from the registry

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)

    • Reads the computer name

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 1820)
      • New Client.exe (PID: 292)

    • Reads Environment values

      • NjRat Platinum Edition.exe (PID: 240)
      • New Client.exe (PID: 292)

    • Create files in a temporary directory

      • NjRat Platinum Edition.exe (PID: 240)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

NjRat

(PID) Process(292) New Client.exe
C2127.0.0.1
Ports6522
BotnetHacKed
Options
Auto-run registry keySoftware\Microsoft\Windows\CurrentVersion\Run\Client.exe
Splitter|Ghost|
Versionnull
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
83
Monitored processes
38
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe no specs chrome.exe no specs njrat platinum edition.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs ilasm.exe no specs #NJRAT new client.exe no specs chrome.exe no specs new client.exe no specs chrome.exe no specs cmd.exe no specs ping.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
116"C:\Program Files\Internet Explorer\iexplore.exe" "https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
240"C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe" C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225547
Version:
0.7.0.6
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\njrat platinum edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
292"C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe" C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\new client.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
NjRat
(PID) Process(292) New Client.exe
C2127.0.0.1
Ports6522
BotnetHacKed
Options
Auto-run registry keySoftware\Microsoft\Windows\CurrentVersion\Run\Client.exe
Splitter|Ghost|
Versionnull
784ping 0 -n 2 C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
1000"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1036"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1264"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3616 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1344"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4164 --field-trial-handle=1152,i,15754706614455579535,12149998407266436173,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1636"C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1820"C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exe" C:\Users\admin\Desktop\njRAT-Platinum-Edition-RuS-main\njRAT-0.7d-Platinum-Edition-RuS\New Client.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\njrat-platinum-edition-rus-main\njrat-0.7d-platinum-edition-rus\new client.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
21 886
Read events
21 654
Write events
225
Delete events
7

Modification events

(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(116) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
21
Suspicious files
561
Text files
154
Unknown types
0

Dropped files

PID
Process
Filename
Type
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:E99DBE1F2B6AB6FB8B1E48D8DD7066A2
SHA256:B913B2652D97EC631F9F89FE4F66FF36EEE9DA0A5658F1DB270AE16240B91BC1
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:04045ABEC5D1E79C230C79B7D552CF67
SHA256:60AE237DDC714400583F51CFE9C5C869F48B094EC6FB9D9BFD676781DE14B7C8
2032iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\light-38f1bf52eeeb[1].csstext
MD5:A42BEC9F78A4A06DB5216358416DD0CC
SHA256:30A7DB90B8A00A79548E168113FFA6DE2F8A6D1A30A4242D2570C02F43A4BF67
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:537E4CB4CD15A6E86C08428921B56294
SHA256:253855A5CA239D8F2B169AD882297F826618337BB53FD88F9CDF05EA4B26E382
2032iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQDHICYI.txttext
MD5:EB2F5931C8B94BBD790978EF7651D3A8
SHA256:8B6731FC6D32DFF090986E71620C73ABF6B96439C141E9F66DB12F6124BD6705
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04der
MD5:A20A1B6B331F601BBDEEAEEA908A9B14
SHA256:28C49C42037BA293C675A38462F475FD53C668D2781E53C45BC444D81A3F9C35
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1Cbinary
MD5:216B3B39CC04A4B54DB49ADD46053BAB
SHA256:7C6C9779DB0C434721F7651BCEE49252706C7668150DC12ED8C1DD9422FCB669
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1Cbinary
MD5:21B1C4F6D472D990937DABE4A61772C3
SHA256:9056E9BC747147DDFC82C7FD272EB7D1353F1599190B2BAB7A3AF69B1B63B7BE
2032iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HSW3ANKI.txttext
MD5:C0A36482DF3AD46795DEF700C1747CB2
SHA256:24F048DAE58FCFDE0588D2E3FFEDA6526CFD8290DD0E3550C8B08A13F207A307
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
49
TCP/UDP connections
77
DNS requests
83
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2032
iexplore.exe
GET
200
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f6bf34dbb61e71d7
unknown
compressed
4.66 Kb
2032
iexplore.exe
GET
200
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?608cb4ab6d3f68d3
unknown
compressed
4.66 Kb
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
binary
471 b
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAzQqL7GMs%2FmReygqbCE%2Bxw%3D
unknown
binary
312 b
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
binary
471 b
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
binary
471 b
116
iexplore.exe
GET
304
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?67308e0939100114
unknown
116
iexplore.exe
GET
304
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?111b88f027149bc7
unknown
116
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
116
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4
System
192.168.100.255:137
unknown
2032
iexplore.exe
140.82.121.3:443
github.com
GITHUB
US
unknown
2032
iexplore.exe
2.19.126.137:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2032
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
unknown
2032
iexplore.exe
185.199.108.154:443
github.githubassets.com
FASTLY
US
unknown
2032
iexplore.exe
185.199.108.133:443
avatars.githubusercontent.com
FASTLY
US
unknown
116
iexplore.exe
185.199.108.154:443
github.githubassets.com
FASTLY
US
unknown
116
iexplore.exe
2.19.126.137:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
116
iexplore.exe
2.20.142.154:443
www.bing.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
github.com
  • 140.82.121.3
unknown
ctldl.windowsupdate.com
  • 2.19.126.137
  • 2.19.126.163
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
github.githubassets.com
  • 185.199.108.154
  • 185.199.111.154
  • 185.199.109.154
  • 185.199.110.154
unknown
avatars.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
unknown
github-cloud.s3.amazonaws.com
  • 54.231.140.137
  • 52.216.50.161
  • 16.182.67.161
  • 52.216.249.12
  • 52.217.12.228
  • 52.217.131.169
  • 52.216.133.131
  • 52.217.202.185
  • 52.217.200.65
  • 16.182.96.129
  • 54.231.171.81
  • 3.5.29.37
  • 3.5.29.192
  • 16.182.107.249
  • 54.231.233.145
  • 52.216.54.33
  • 3.5.25.117
  • 52.217.164.41
  • 3.5.1.110
  • 54.231.135.97
  • 52.216.205.3
  • 52.216.106.172
  • 52.216.186.227
  • 52.216.9.19
unknown
user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
unknown
private-user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.109.133
unknown
api.bing.com
  • 13.107.5.80
unknown
www.bing.com
  • 2.20.142.154
  • 92.122.215.57
  • 92.122.215.95
  • 92.122.215.53
  • 2.20.142.180
  • 2.20.142.3
  • 2.20.142.155
  • 2.20.142.187
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS