njrat | 65c83e4463402750516b121efa73194836d6ae58bf6cb03a48e835516c0b41c3

Analysis

max time kernel
151s
max time network
146s
platform
windows10_x64
resource
win10v20201028
submitted
14-12-2020 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74282850ccd7dc9414af3e09f0515dec.exe
Size

23KB
MD5

74282850ccd7dc9414af3e09f0515dec
SHA1

b0a28d592199b3285168d1eb127c97236e0c0e55
SHA256

65c83e4463402750516b121efa73194836d6ae58bf6cb03a48e835516c0b41c3
SHA512

9cff6e3a8455a9892926ecc6823d1b5d5f739a1946011ece07b4d19e21ae273fa465ce7561cd22c4ead77f22d70bc98eb6efa49c75371d0d9f9e9da7351391d2

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

74282850ccd7dc9414af3e09f0515dec.exe

description	pid	process
Token: SeDebugPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: 33	528	74282850ccd7dc9414af3e09f0515dec.exe
Token: SeIncBasePriorityPrivilege	528	74282850ccd7dc9414af3e09f0515dec.exe

C:\Users\Admin\AppData\Local\Temp\74282850ccd7dc9414af3e09f0515dec.exe
"C:\Users\Admin\AppData\Local\Temp\74282850ccd7dc9414af3e09f0515dec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:528

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads