Analysis
  max time kernel:  171s
  max time network: 45s
  platform:         windows7_x64
  resource:         win7-20220414-en
  submitted:        20-05-2022 04:35
Behavioral task: behavioral1
  Sample:   348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Resource: win7-20220414-en (windows7_x64)
  0 signatures
  0 seconds
General
  Target: 348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Size:   43KB
  MD5:    5a2dd8bd787db4d5c7448c6e29b72de5
  SHA1:   75d742447106b2aa60692804ed046d25ca9e8af4
  SHA256: 348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672
  SHA512: 6675676bda5f130f0251d2b7d1661f0d623e50a0207a1bfe350ae5e291b5e087e4d9ff7ce5b23cb74852c891740ce85365c69bc30435be41fbeda5ff25ba011a
Malware Config (Extracted)
  Family:  njrat
  Version: Njrat 0.7 Golden By Hassan Amiri
  Botnet:  HacKed
  C2:      127.0.0.1:5552
  Mutex:   Windows Update
  Attributes:
    reg_key:  Windows Update
    splitter: |Hassan|
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
  pid   process
  1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
Processes:
  description                          pid   process
  Token: SeDebugPrivilege              1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: 33                            1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
  Token: SeIncBasePriorityPrivilege    1468  348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\348791e8a9d20781b7c390d8ea05a000d56990a0bda3dd30432e2387d83ad672.exe"
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken