Analysis

Max time kernel: 145s
Max time network: 147s
Platform: windows10_x64
Resource: win10v20210408
Submitted: 25-09-2021 18:36

Static task: static1
Behavioral task: behavioral1
  Sample: 3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Resource: win7-en-20210920
  Platform: windows7_x64
  0 signatures
  0 seconds
General

Target: 3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
Size: 453KB
MD5: 3a78e71f75c331ae5ba44d223216a549
SHA1: 3a63ed034a2ed3b98c6520be97aa1e693d706adf
SHA256: 0ada6c43746b280019ba4599becd675484265971fd3d9c48d74d25815275e066
SHA512: 50d94d7e567cda41aec5bf9ef47a5cea91a3e5a2cd7ab2fd8b110e4715725f386924b6c0f8ccf800f90ad43366a05f2e270f4897709b92fd1663d062cca6a668
Malware Config (Extracted)

Family: njrat
Botnet: H
C2: dreem.linkpc.net:7500
Attributes:
  splitter: !'!@!'!
Signatures

Suspicious use of AdjustPrivilegeToken (35 IoCs)

Processes:

  description                         pid   process
  Token: SeDebugPrivilege             652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: 33                           652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe
  Token: SeIncBasePriorityPrivilege   652   3a63ed034a2ed3b98c6520be97aa1e693d706adf.exe