Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    08-09-2021 09:10

General

  • Target

    dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe

  • Size

    51KB

  • MD5

    0070cd346ea3e1674939bf2f8df83917

  • SHA1

    f71c6a0240841674070d7a5e2de5f547bba61a27

  • SHA256

    dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c

  • SHA512

    8f238f539968bc8c02b774ddc16e57fed720c42f007853055473eb95c4cba6c66cc1347c49ead0addf1b1bdcb14a26a9b464b09029039ccd7ab4bf0f067a139a

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Run RunPE

Attributes
  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Suspicious use of AdjustPrivilegeToken 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe
    "C:\Users\Admin\AppData\Local\Temp\dc376dc53a223c3aafb2eacbfaaef96d8d24d8868bdb1991969874030caabb5c.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1828

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1828-60-0x0000000000B00000-0x0000000000B01000-memory.dmp
    Filesize

    4KB

  • memory/1828-62-0x00000000762C1000-0x00000000762C3000-memory.dmp
    Filesize

    8KB

  • memory/1828-63-0x0000000004E90000-0x0000000004E91000-memory.dmp
    Filesize

    4KB

  • memory/1828-64-0x00000000003C0000-0x00000000003CF000-memory.dmp
    Filesize

    60KB