Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
26-06-2022 15:26
General
-
Target
2978ed952b83e0992f04bd692e344720.exe
-
Size
37KB
-
MD5
2978ed952b83e0992f04bd692e344720
-
SHA1
5dedd79943ac2dcf8a67a3aefc31c95a92dae479
-
SHA256
e8d1c6bfe908c18008df4d62237f4f4aecd47113870c5b12f197f8296c0316d7
-
SHA512
032cfb62a13b73593378679617eeb0ba42878d4543e6e1eb866821112ff24bba5046e0bb01afd3edbd970057b93bfdb40290f8d8c0a482a65caafeb35ea0435a
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2978ed952b83e0992f04bd692e344720.exe"C:\Users\Admin\AppData\Local\Temp\2978ed952b83e0992f04bd692e344720.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\2978ed952b83e0992f04bd692e344720.exe" "2978ed952b83e0992f04bd692e344720.exe" ENABLE2⤵
- Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2336-130-0x0000000075470000-0x0000000075A21000-memory.dmpFilesize
5.7MB
-
memory/2336-132-0x0000000075470000-0x0000000075A21000-memory.dmpFilesize
5.7MB
-
memory/3172-131-0x0000000000000000-mapping.dmp