Analysis

max time kernel: 150s
max time network: 149s
platform: windows10_x64
resource: win10-en
submitted: 11-09-2021 14:56

Static task: static1
Behavioral task: behavioral1
Sample: D8F6CADD686AEF1423100DAE9231C47D.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds

Two environments appear in this report as given: the header lists windows10_x64 / win10-en, the behavioral task lists win7v20210408 / windows7_x64.
General

Target: D8F6CADD686AEF1423100DAE9231C47D.exe
Size: 1.8MB
MD5: d8f6cadd686aef1423100dae9231c47d
SHA1: af46bfe9e441788fff35ca3613a805c23780a9fd
SHA256: 8e38c9ed504d812b26fa8f6c5217127fdfa945da4ac74ebedbade7287fafd062
SHA512: 466e25ecd6e418ed9451b56a1d680531f7973f5c0b5622c606d9e3ec16d7deba6b9fbee7e01335ecdfecb8eb59e678eb2332a8d99133ea42834c535b486fefe1

The file name is the sample's own MD5 in upper case, so the name under which the file was delivered or dropped is not known from this submission; pivot on the SHA256, not the name.
Malware Config

Extracted
Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: milla.publicvm.com:5050
Mutex: 8a1729b26bbe40d8
Attributes:
  reg_key: 8a1729b26bbe40d8
  splitter: @!#&^%$

The mutex and reg_key share one value: njRAT uses it as the name of its single-instance mutex and as the name of the autorun registry value it writes for persistence, so one string covers both host artifacts. The splitter is the delimiter the client places between the fields of each C2 message; this build uses @!#&^%$ where stock njRAT 0.7d uses |'|'|, so content matches written for the stock delimiter will not match this traffic. The C2 is a hostname under the dynamic DNS domain publicvm.com, so resolve it at analysis time and treat the resulting IP as volatile.
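The following is an added example, not part of the sandbox report and not njRAT's own code. It takes the extracted config values above and shows how the splitter is applied to C2 traffic: njRAT frames each message as an ASCII decimal length, a NUL byte, then the body, and the body's fields are separated by the configured splitter. The beacon payloads in SAMPLE_STREAM are constructed for the example, and no meaning is asserted for any field beyond the leading command ("ll" is the beacon command named in the Suricata signature below). The parser keeps the unconsumed tail so it can be fed one reassembled TCP segment at a time.

```python
"""njRAT C2 framing with this sample's splitter (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

# Values copied from the extracted config above.
CONFIG = {
    "family": "njrat",
    "version": "0.7NC",
    "botnet": "NYAN CAT",
    "c2": "milla.publicvm.com:5050",
    "mutex": "8a1729b26bbe40d8",
    "reg_key": "8a1729b26bbe40d8",
    "splitter": "@!#&^%$",
}
SPLITTER = CONFIG["splitter"].encode("latin-1")


def c2_host_port(c2: str) -> Tuple[str, int]:
    """Split 'host:port' into its parts; rpartition tolerates IPv6 literals."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


@dataclass
class Frame:
    command: str
    fields: List[str]


def build_frame(command: str, *fields: str) -> bytes:
    """Encode one njRAT message: ASCII length, NUL, then splitter-joined body."""
    body = SPLITTER.join(f.encode("latin-1") for f in (command, *fields))
    return str(len(body)).encode("ascii") + b"\x00" + body


def parse_frames(stream: bytes) -> Tuple[List[Frame], bytes]:
    """Pull every complete frame out of a reassembled TCP stream.

    Returns (frames, tail): tail holds the bytes of a frame whose body has
    not fully arrived, so the caller prepends it to the next segment.
    Raises ValueError when the bytes at the cursor are not a decimal length
    prefix, i.e. the stream is not njRAT framing at all.
    """
    frames: List[Frame] = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break  # length prefix itself still incomplete
        length_bytes = stream[pos:nul]
        if not length_bytes.isdigit():
            raise ValueError(f"not an njRAT length prefix at offset {pos}: {length_bytes!r}")
        length = int(length_bytes)
        start = nul + 1
        if len(stream) - start < length:
            break  # body incomplete, wait for more data
        body = stream[start:start + length]
        # The splitter is pure punctuation, so it cannot collide with the
        # base64 text njRAT puts in most fields.
        parts = [p.decode("latin-1") for p in body.split(SPLITTER)]
        frames.append(Frame(parts[0], parts[1:]))
        pos = start + length
    return frames, stream[pos:]


# Constructed traffic: two complete frames followed by the start of a third.
SAMPLE_STREAM = (
    build_frame("ll", "NYAN CAT", "WIN-TEST", "admin")
    + build_frame("inf")
    + b"120\x00ll@!#"
)

if __name__ == "__main__":
    host, port = c2_host_port(CONFIG["c2"])
    print(f"C2 {host} tcp/{port}")
    frames, tail = parse_frames(SAMPLE_STREAM)
    for fr in frames:
        print(fr.command, fr.fields)
    print("pending bytes:", tail)
```

Run it against a real capture by reassembling the client-to-server side of the tcp/5050 session and calling parse_frames on each chunk, carrying the returned tail forward; a ValueError on the first chunk means the session is not njRAT framing and the splitter match alone was a false positive.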
Signatures

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

"ll" is the njRAT registration/beacon command that opens each session, so this rule fires on the first message the client sends to the C2.
Suspicious use of AdjustPrivilegeToken (37 IoCs)

All 37 token adjustments are made by the sample in its own process, D8F6CADD686AEF1423100DAE9231C47D.exe (PID 3940):

Privilege                    Count
SeDebugPrivilege             1
33                           18
SeIncBasePriorityPrivilege   18

After the single SeDebugPrivilege the list alternates 33 / SeIncBasePriorityPrivilege eighteen times. The bare value 33 is a privilege LUID the sandbox did not resolve to a name; in winnt.h it is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege). SeDebugPrivilege is the entry that matters: a user-mode binary has no benign reason to enable it, and it is the prerequisite for opening other users' processes. The other two are scheduling and memory privileges that carry no escalation on their own.
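The list above is rendered as one run-together line, which is how these reports usually arrive in a ticket. The following is an added example, not part of the sandbox report: a parser for that "Token: <privilege> <pid> <process>" layout that tallies the entries per privilege, resolves the numeric LUIDs the sandbox left unnamed (the LUID_NAMES map holds the winnt.h values for the three privileges seen on this page), and flags the privileges worth a closer look. SAMPLE_BLOB is a constructed excerpt covering the first five entries; HIGH_VALUE is this example's own shortlist, not a sandbox setting.

```python
"""Parse flattened AdjustPrivilegeToken IoCs into a per-privilege tally (added example)."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class TokenAdjust(NamedTuple):
    privilege: str
    pid: int
    process: str


# winnt.h SE_*_PRIVILEGE LUID values for the privileges that appear on this page.
LUID_NAMES = {
    14: "SeIncreaseBasePriorityPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges whose enablement by a user-land binary deserves a closer look
# (example shortlist, not a sandbox setting).
HIGH_VALUE = {
    "SeDebugPrivilege",
    "SeTcbPrivilege",
    "SeLoadDriverPrivilege",
    "SeTakeOwnershipPrivilege",
    "SeImpersonatePrivilege",
}

# One entry as the report renders it: "Token: <privilege> <pid> <process>.exe"
TOKEN_RE = re.compile(r"Token:\s+(?P<priv>\S+)\s+(?P<pid>\d+)\s+(?P<proc>\S+?\.exe)")


def resolve(priv: str) -> str:
    """Map a bare LUID number to its Se* name when known; keep names unchanged."""
    if priv.isdigit():
        return LUID_NAMES.get(int(priv), f"LUID {priv}")
    return priv


def parse_token_iocs(blob: str) -> List[TokenAdjust]:
    """Extract every Token: entry from the run-together text."""
    return [TokenAdjust(resolve(m["priv"]), int(m["pid"]), m["proc"])
            for m in TOKEN_RE.finditer(blob)]


def tally(entries: List[TokenAdjust]) -> Dict[Tuple[str, int, str], int]:
    """Count (process, pid, privilege) triples so 37 entries collapse to three rows."""
    return dict(Counter((e.process, e.pid, e.privilege) for e in entries))


def high_value_hits(entries: List[TokenAdjust]) -> List[TokenAdjust]:
    return [e for e in entries if e.privilege in HIGH_VALUE]


# Constructed excerpt: the first five entries of the list above, run together
# the way the report renders them.
SAMPLE_BLOB = (
    "Token: SeDebugPrivilege 3940 D8F6CADD686AEF1423100DAE9231C47D.exe "
    "Token: 33 3940 D8F6CADD686AEF1423100DAE9231C47D.exe "
    "Token: SeIncBasePriorityPrivilege 3940 D8F6CADD686AEF1423100DAE9231C47D.exe "
    "Token: 33 3940 D8F6CADD686AEF1423100DAE9231C47D.exe "
    "Token: SeIncBasePriorityPrivilege 3940 D8F6CADD686AEF1423100DAE9231C47D.exe"
)

if __name__ == "__main__":
    entries = parse_token_iocs(SAMPLE_BLOB)
    for (proc, pid, priv), n in sorted(tally(entries).items()):
        print(f"{proc} ({pid}): {priv} x{n}")
    for hit in high_value_hits(entries):
        print("high-value privilege enabled:", hit)
```

Feeding the full 37-entry text to parse_token_iocs gives the three-row tally shown above; the sandbox's abbreviated name SeIncBasePriorityPrivilege is kept verbatim, since resolve only touches numeric values.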
Downloads

Memory dumps taken from PID 3940. Each file is named memory/<pid>-<seq>-<start>-<end>-memory.dmp, and the listed size is the length of the dumped address range.

Seq   Address range                            Size
115   0x0000000000F60000-0x0000000000F61000    4KB
117   0x0000000005EE0000-0x0000000005EE1000    4KB
118   0x00000000059E0000-0x00000000059E1000    4KB
119   0x0000000005A80000-0x0000000005A81000    4KB
120   0x0000000005C50000-0x0000000005C51000    4KB
121   0x0000000005C40000-0x0000000005C48000    32KB
122   0x0000000005900000-0x0000000005992000    584KB
123   0x00000000074D0000-0x00000000074D1000    4KB

Seven of the eight dumps are one or a few pages; the 584KB region at 0x0000000005900000 is the only one larger than a handful of pages and is the first to examine for the decoded configuration listed above.