Analysis
max time kernel: 151s
max time network: 149s
platform: windows10_x64
resource: win10-en-20211014
submitted: 05-11-2021 20:36
Behavioral task: behavioral1
Sample: 6023b151847ac5cbeb2b311623a8f126.exe
Resource: win7-en-20211104
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 6023b151847ac5cbeb2b311623a8f126.exe
Resource: win10-en-20211014
0 signatures, 0 seconds
General
Target: 6023b151847ac5cbeb2b311623a8f126.exe
Size: 43KB
MD5: 6023b151847ac5cbeb2b311623a8f126
SHA1: 8aeb83d4d7173266cc7eed4a0ff6694698c6743e
SHA256: 4c26643cb0e783e8dc9cab1629d35e8523bd49e637f48847916efd517347111b
SHA512: a8795d2ae623f72c99d6bfbf0379ded30582d36fcf671d8d33cd78c6c7307cd582d7b4ba771e0670aaae983042b7fbb41f3ed123e57adceb9c86ed2f9e1fe065
Score: 10/10
Malware Config
Signatures
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
pid   process
2680  6023b151847ac5cbeb2b311623a8f126.exe
-
Suspicious use of AdjustPrivilegeToken (35 IoCs)
Processes:
description                        pid   process
Token: SeDebugPrivilege            2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: 33                          2680  6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege  2680  6023b151847ac5cbeb2b311623a8f126.exe
Downloads
file                                                              Filesize
memory/2680-115-0x0000000000210000-0x0000000000211000-memory.dmp  4KB
memory/2680-117-0x0000000004A00000-0x0000000004A01000-memory.dmp  4KB
memory/2680-118-0x0000000005280000-0x0000000005281000-memory.dmp  4KB
memory/2680-119-0x0000000004E40000-0x0000000004E41000-memory.dmp  4KB
memory/2680-120-0x0000000004C70000-0x0000000004C71000-memory.dmp  4KB
memory/2680-121-0x0000000004E10000-0x0000000004E11000-memory.dmp  4KB
memory/2680-122-0x0000000005020000-0x0000000005021000-memory.dmp  4KB
memory/2680-123-0x0000000005E90000-0x0000000005E91000-memory.dmp  4KB