Analysis
  Max time kernel: 150s
  Max time network: 152s
  Platform: windows7_x64
  Resource: win7-20220414-en
  Submitted: 20-05-2022 23:44

Static task: static1

Behavioral task: behavioral1
  Sample: e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe
  Resource: win10v2004-20220414-en
General
  Target: e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe
  Size: 25KB
  MD5: f59de44b51e940063ae0e918a64e5038
  SHA1: 85e2dc244271db156564009ed0cab7a1746626ad
  SHA256: e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9
  SHA512: 2d10b0446f74d03c4813399fab386f6d2a3420a3a4f4dcbcd2d6f770aa24302a202faa450b34b9b64a1abaa238ba4bd9e7e5731bd7ccc81c36afba78f250ab36
Malware Config
Extracted
  Family: njrat
  Version: Njrat 0.7 Golden By Hassan Amiri
  Botnet: HacKed
  C2: 0.tcp.ngrok.io:11485
  Mutex: Windows Update
  Attributes:
    reg_key: Windows Update
    splitter: |Hassan|
Signatures
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    Processes (pid / process):
      1868  e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe

  Suspicious use of AdjustPrivilegeToken (19 IoCs)
    Processes (description / pid / process):
      Token: SeDebugPrivilege            1868  e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe  (1 event)
      Token: 33                          1868  e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe  (9 events)
      Token: SeIncBasePriorityPrivilege  1868  e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe  (9 events)
    The "Token: 33" and "Token: SeIncBasePriorityPrivilege" events alternate in the log, for 19 events in total.
Processes
  C:\Users\Admin\AppData\Local\Temp\e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e0ac682aeb11e5f6edef9ee02bc9265baaa0f5895df6096a3534e866bd7cbea9.exe"
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken