4d1b824634586c05b0649513096c57840e8f707f9b8b85d12654f0c8364f20a9

Analysis

max time kernel
149s
max time network
140s
platform
windows7_x64
resource
win7-en-20211014
submitted
29-10-2021 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Size

2.6MB
MD5

b1fbbb82ba785eb41c3a3ab5bc107e8c
SHA1

dd054587b966b94abc8e0b7fecb57e4f1713626c
SHA256

4d1b824634586c05b0649513096c57840e8f707f9b8b85d12654f0c8364f20a9
SHA512

4febaef30a0e17827f748fed94445473fcbf8afa559cda7fc761fef58e3e94fa8b68773a8753d32ffdbff8b916119d44bfe71e53d7771825d909313b48524d1e

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata

Suspicious use of AdjustPrivilegeToken 31 IoCs

Processes:

b1fbbb82ba785eb41c3a3ab5bc107e8c.exe

description	pid	process
Token: SeDebugPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: 33	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
Token: SeIncBasePriorityPrivilege	1788	b1fbbb82ba785eb41c3a3ab5bc107e8c.exe

C:\Users\Admin\AppData\Local\Temp\b1fbbb82ba785eb41c3a3ab5bc107e8c.exe
"C:\Users\Admin\AppData\Local\Temp\b1fbbb82ba785eb41c3a3ab5bc107e8c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-55-0x0000000076431000-0x0000000076433000-memory.dmp

Filesize
8KB

Download
memory/1788-56-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/1788-57-0x0000000000B41000-0x0000000000B42000-memory.dmp

Filesize
4KB

Download