Analysis Overview
SHA256
e72e52aaf8711d579fd8497089fbb81632c3dd1ef349b9fb36517684b837d0a9
Threat Level: Known bad
The file x0GSL84wSsJn.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-29 02:05
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-29 02:05
Reported
2022-08-29 02:08
Platform
win7-20220812-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\x0GSL84wSsJn.exe
"C:\Users\Admin\AppData\Local\Temp\x0GSL84wSsJn.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | roda777.linkpc.net | udp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
Files
memory/1336-54-0x00000000762D1000-0x00000000762D3000-memory.dmp
memory/1336-55-0x0000000074460000-0x0000000074A0B000-memory.dmp
memory/1336-56-0x0000000074460000-0x0000000074A0B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-29 02:05
Reported
2022-08-29 02:08
Platform
win10v2004-20220812-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\x0GSL84wSsJn.exe
"C:\Users\Admin\AppData\Local\Temp\x0GSL84wSsJn.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | roda777.linkpc.net | udp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| US | 209.197.3.8:80 | | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| US | 20.189.173.5:443 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
| BE | 8.238.111.126:80 | | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
| AR | 186.18.237.251:5000 | roda777.linkpc.net | tcp |
Files
memory/2852-132-0x00000000751E0000-0x0000000075791000-memory.dmp
memory/2852-133-0x00000000751E0000-0x0000000075791000-memory.dmp