Overview

overview

10

Static

static

a7c7bb5328...18.exe

windows7_x64

10

a7c7bb5328...18.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    08-09-2021 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7c7bb532823a6e7d4ace596f146c618.exe

  • Size

    113KB

  • MD5

    a7c7bb532823a6e7d4ace596f146c618

  • SHA1

    d4ce3acc8b40a6880e5c57c9ec5844643413e312

  • SHA256

    64d7d58724fe40787f7fdcb2496f96206c538fb80c14fc8827f4e5af9a5c99c8

  • SHA512

    51f14f96d6935f336fd224319b1706f9a6d21251c568292574d564b28741ebae8647cb0fca737073ac763e3bd61a0c751538255671c542859d733494a0a566d9

Score
10/10
njratrun runpesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Run RunPE

Attributes
  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7c7bb532823a6e7d4ace596f146c618.exe
    "C:\Users\Admin\AppData\Local\Temp\a7c7bb532823a6e7d4ace596f146c618.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4196-121-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download
  • memory/4196-122-0x000000000040FD1E-mapping.dmp
    Download
  • memory/4196-126-0x0000000005210000-0x0000000005211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4196-127-0x0000000005210000-0x000000000570E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4196-130-0x00000000054F0000-0x00000000054F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4796-114-0x0000000000F10000-0x0000000000F11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4796-116-0x0000000005CF0000-0x0000000005CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4796-117-0x00000000058B0000-0x00000000058B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4796-118-0x0000000005A10000-0x0000000005A11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4796-119-0x00000000057F0000-0x0000000005CEE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4796-120-0x0000000008FB0000-0x0000000008FB7000-memory.dmp
    Filesize

    28KB

    Download