File name: NjRat 0.7D Danger Edition.zip

Full analysis: https://app.any.run/tasks/86ea4da3-dcfb-4920-aafa-cdb729079bac
Verdict: Malicious activity
Analysis date: August 08, 2020, 16:46:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: B4CC9EDDC04D2AD55F6619E225B18F15
SHA1: DE91E18E3B3A095EA1BD03D12FD4DFD3AEACDE5C
SHA256: D7717F835E324E038BD3D6FE673286B768959BCD163C2DD9BDF9B8072881A67F
SSDEEP: 393216:zpM+xwFXeI4ejSKKEv1Wk9vydHGaY5OahBOCb:ze+5nej9KGZ9nF5OMBOs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • ~~NjRat 0.7D Danger Edition.exe (PID: 1748)
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 3484)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3260)
  • INFO
    • Manual execution by user
      • ~~NjRat 0.7D Danger Edition.exe (PID: 1748)
      • rundll32.exe (PID: 2200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:07:19 16:06:15
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: NjRat 0.7D Danger Edition/
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, searchprotocolhost.exe (no specs), ~~njrat 0.7d danger edition.exe (no specs), rundll32.exe (no specs)

Process information

PID 3260
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NjRat 0.7D Danger Edition.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID 3484
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID 1748
CMD: "C:\Users\admin\Desktop\NjRat 0.7D Danger Edition\~~NjRat 0.7D Danger Edition.exe"
Path: C:\Users\admin\Desktop\NjRat 0.7D Danger Edition\~~NjRat 0.7D Danger Edition.exe
Parent process: explorer.exe
User: admin
Company: CTRIK BY Fransesco
Integrity Level: MEDIUM
Description: CTRIK BY Fransesco
Exit code: 3221225758
Version: 0.0.0.7

PID 2200
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\NjRat 0.7D Danger Edition\~~NjRat 0.7D Danger Edition.exe.Config
Path: C:\Windows\system32\rundll32.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events: 781
Read events: 761
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 38
Suspicious files: 2
Text files: 4
Unknown types: 0

Dropped files

All files below were dropped by PID 3260 (WinRAR.exe) while extracting the archive.

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Stub.manifest (type: xml)
MD5: 4D18AC38A92D15A64E2B80447B025B7E
SHA256: 835A00D6E7C43DB49AE7B3FA12559F23C2920B7530F4D3F960FD285B42B1EFB5

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\~~NjRat 0.7D Danger Edition.exe (type: executable)
MD5: EDA04645089D60F5CB602C8012A33E07
SHA256: E6CFF62A0E8E7C654EEC97093A1295773F223CD3A6A11F65C91491CFBD6BE751

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Plugin\7.dll (type: executable)
MD5: BA2D32D8118F59AE4AAB0BAE941542ED
SHA256: 814AC620EA996B45E8C0FC55AE57E10C11ADD1CF4FBE9D260A5F13052051B420

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Plugin\4.dll (type: executable)
MD5: 621FF03775382229AFBC039EFBA07212
SHA256: D22944F50FDBE7B9FC55807EBCA0275E59A0EDE94226E2CE365BC507BC96EC68

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Plugin\P.dll (type: executable)
MD5: A7A746707CA4E136585570EEF6DAF2D4
SHA256: D3CF09C638FB94B81343C94DD1A9D7EE385A5240A1F3D78FC70DC591B417999D

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Plugin\5.dll (type: executable)
MD5: 54B06DBC99832CA8A54232351AF21059
SHA256: 4B6914D1CA3C871A2E79D54BB19A7A66E207548214B215698AC3371595CECB5A

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Mono.Cecil.dll (type: executable)
MD5: 851EC9D84343FBD089520D420348A902
SHA256: CDADC26C09F869E21053EE1A0ACF3B2D11DF8EDD599FE9C377BD4D3CE1C9CDA9

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\GeoIP.dat (type: binary)
MD5: 797B96CC417D0CDE72E5C25D0898E95E
SHA256: 8A0675001B5BC63D8389FC7ED80B4A7B0F9538C744350F00162533519E106426

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\WinMM.Net.dll (type: executable)
MD5: D4B80052C7B4093E10CE1F40CE74F707
SHA256: 59E2AC1B79840274BDFCEF412A10058654E42F4285D732D1487E65E60FFBFB46

C:\Users\admin\AppData\Local\Temp\Rar$DRa3260.5055\NjRat 0.7D Danger Edition\Settings.ini (type: text)
MD5: 332F4072F2109E4D81F2701C2387B186
SHA256: 17F547710BF4FEFB27FF4470E0F78089C4888567EEC25380E136D9FDE1E02276
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info