Overview

overview

10

Static

static

ef4680208a...67.exe

windows7_x64

10

ef4680208a...67.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    11-12-2021 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef4680208a558c46217cf3f6362c5267.exe

  • Size

    14KB

  • MD5

    ef4680208a558c46217cf3f6362c5267

  • SHA1

    3f8d0442437c7c0085c5820d576bfc3bd430be5c

  • SHA256

    73ef191c5f67932083f2bb8fb4d98daf10e5dce83019d0353db1df04d184fc5f

  • SHA512

    a5aa10cd4851ba552a5f4375a869ff7cdb8ef64eab8579b47432ec11bac7d03b421ec095a593575ab5dcd3f2b16320204f54f07f02a3e68a51773c5b0b91e952

Score
10/10
njratpicturetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Picture

Attributes
  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef4680208a558c46217cf3f6362c5267.exe
    "C:\Users\Admin\AppData\Local\Temp\ef4680208a558c46217cf3f6362c5267.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1636-54-0x00000000010C0000-0x00000000010C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-56-0x0000000075D61000-0x0000000075D63000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1636-57-0x0000000001070000-0x0000000001071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-58-0x00000000003F0000-0x00000000003F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1636-59-0x0000000000480000-0x000000000048F000-memory.dmp

    Filesize

    60KB

    Download