Analysis
-
max time kernel
175s -
max time network
172s -
platform
windows10_x64 -
resource
win10-en -
submitted
08-09-2021 14:17
General
-
Target
00B304CC27719527294CC81BA4761EF3.exe
-
Size
121KB
-
MD5
00b304cc27719527294cc81ba4761ef3
-
SHA1
2cf075ffd58e32d01d1098170a4d891eb870a476
-
SHA256
79de8a957ad063ca344492294a8effe23484f2edcff99800591eeebc3389ff26
-
SHA512
83c81f99dc7792486252078aba823d94b9f012e55f612e48e7370b229a474fc1da1c629ee9f76786e6764223dac0b8e676f5a888f28400be72780673dbc5c894
Score
10/10
Malware Config
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall 1 TTPs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00B304CC27719527294CC81BA4761EF3.exe"C:\Users\Admin\AppData\Local\Temp\00B304CC27719527294CC81BA4761EF3.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\00B304CC27719527294CC81BA4761EF3.exe" "00B304CC27719527294CC81BA4761EF3.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3964-116-0x0000000000000000-mapping.dmp
-
memory/4564-115-0x0000000002DF0000-0x0000000002DF1000-memory.dmpFilesize
4KB