acdaabd8958f8da1602e567cfbd014c167454417c3384b0db2dfb6686c42e6b6 | Triage

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
13-07-2022 21:27

Sharing

Report Analysis Logs

General

Target

bDxb.exe
Size

36KB
MD5

3e8393d889839487949f851a9a9651e4
SHA1

2efe38929aeb063c8efa0de18d9e3b3616362515
SHA256

acdaabd8958f8da1602e567cfbd014c167454417c3384b0db2dfb6686c42e6b6
SHA512

3002d45aac051376d8fda4ec87f67424de451cd5431e7aecb145a528c28703217b7537618a3f339e09f5d7dd34ae882718446560c07a43d48a061c093c90346e

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bDxb.exe

description pid process

Token: SeDebugPrivilege 4828 bDxb.exe

C:\Users\Admin\AppData\Local\Temp\bDxb.exe
"C:\Users\Admin\AppData\Local\Temp\bDxb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-130-0x00007FFECA940000-0x00007FFECB376000-memory.dmp

Filesize
10.2MB

Download