Analysis Overview
SHA256
9dd09a60c4df0f14a01cf7a3d6e01739ce01589a85996659c802d9177b736cf9
Threat Level: Known bad
The file tmp was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-03 07:29
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-03 07:29
Reported
2022-09-03 07:31
Platform
win7-20220812-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
Files
memory/2036-54-0x0000000075C61000-0x0000000075C63000-memory.dmp
memory/2036-55-0x00000000740E0000-0x000000007468B000-memory.dmp
memory/2036-56-0x00000000740E0000-0x000000007468B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-03 07:29
Reported
2022-09-03 07:31
Platform
win10v2004-20220812-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| IE | 20.223.24.244:443 | | tcp |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| NL | 104.80.225.205:443 | | tcp |
| FR | 40.79.150.121:443 | | tcp |
Files
memory/4968-132-0x0000000075210000-0x00000000757C1000-memory.dmp
memory/4968-133-0x0000000075210000-0x00000000757C1000-memory.dmp