Analysis
- max time kernel: 151s
- max time network: 187s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 02-10-2021 02:33
Static task: static1

Behavioral task: behavioral1
- Sample: 6a5f6fba52919a8f6f8e371284c3458b.exe
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 6a5f6fba52919a8f6f8e371284c3458b.exe
- Resource: win10-en-20210920 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 6a5f6fba52919a8f6f8e371284c3458b.exe
- Size: 104KB
- MD5: 6a5f6fba52919a8f6f8e371284c3458b
- SHA1: 669cba3048a250fdb53c4a708ae7b92006072942
- SHA256: bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26
- SHA512: 5bb20db97e23e93a1c4a6e54bc0b13973012e04d71f4b3efd3e5e1ba691fb0d86a6fbd758446ceab7827be9cb790998d432ed4150d6ddbfdf17b7f8314386e13
- Score: 10/10
Malware Config
Extracted
- Family: njrat
- Version: 0.7NC
- Botnet: NYAN CAT
- C2: paomarca.duckdns.org:2054
- Mutex: fede6f9724
- Attributes:
  - reg_key: fede6f9724
  - splitter: @!#&^%$
Signatures
- Core1 .NET packer (1 IoC)
  Detects packer/loader used by .NET malware.
  Processes:
    resource                                                                      yara_rule
    behavioral1/memory/1100-63-0x0000000000750000-0x000000000076D000-memory.dmp   Core1
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes:
    description      ioc                                                                                                                                                           process
    Set value (str)  \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run\file.exe = "C:\\Users\\Admin\\AppData\\Local\\file.exe"   6a5f6fba52919a8f6f8e371284c3458b.exe
- Suspicious use of AdjustPrivilegeToken (37 IoCs)
  Processes:
    description                        pid   process
    Token: SeDebugPrivilege            1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: 33                          1100  6a5f6fba52919a8f6f8e371284c3458b.exe
    Token: SeIncBasePriorityPrivilege  1100  6a5f6fba52919a8f6f8e371284c3458b.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
  file                                                                filesize
  memory/1100-60-0x000000013F480000-0x000000013F481000-memory.dmp    4KB
  memory/1100-62-0x0000000002110000-0x0000000002137000-memory.dmp    156KB
  memory/1100-63-0x0000000000750000-0x000000000076D000-memory.dmp    116KB
  memory/1100-64-0x000000001B840000-0x000000001B842000-memory.dmp    8KB
  memory/1100-65-0x00000000021B0000-0x00000000021B8000-memory.dmp    32KB