Overview

overview

10

Static

static

a28656f539...de.exe

windows7_x64

10

a28656f539...de.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-12-2021 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a28656f539450e71284c372b4d8cb1de.exe

  • Size

    20.2MB

  • MD5

    a28656f539450e71284c372b4d8cb1de

  • SHA1

    c7fe2e2399212cff176b732640a08471f8771dba

  • SHA256

    63dec7fa46a8b31f38ec74c9518847f54e570b62b1664f191a596727bf75f22b

  • SHA512

    5e0023d0ed5dca5eb7253048ceba5d88fbdbd03ca471e2b9a40511007f82521b03ce4b6ae726a338869441c9330929eadadffa5479d6af01a0420cf095c0ccf4

Score
10/10
njratnyan cattrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

milla.publicvm.com:5050

Mutex

dd177bd3cca5

Attributes
  • reg_key

    dd177bd3cca5

  • splitter

    @!#&^%$

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a28656f539450e71284c372b4d8cb1de.exe
    "C:\Users\Admin\AppData\Local\Temp\a28656f539450e71284c372b4d8cb1de.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2480-115-0x0000000000440000-0x0000000000562000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2480-116-0x0000000000440000-0x0000000000562000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2480-117-0x0000000004DF0000-0x0000000004E8C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2480-118-0x0000000005390000-0x000000000588E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2480-119-0x0000000004E90000-0x0000000004F22000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2480-120-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2480-121-0x0000000004D70000-0x0000000004D7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2480-122-0x0000000005060000-0x00000000050B6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2480-123-0x0000000005220000-0x00000000052CA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2480-124-0x0000000005220000-0x00000000052CA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2480-125-0x0000000006DE0000-0x0000000006DEC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2480-126-0x0000000006F90000-0x0000000006FF6000-memory.dmp

    Filesize

    408KB

    Download