Analysis Overview
SHA256
9dd09a60c4df0f14a01cf7a3d6e01739ce01589a85996659c802d9177b736cf9
Threat Level: Known bad
The file b5feacdcdd478f8d833218d30d130dab.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-06 11:31
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-06 11:31
Reported
2022-09-06 11:33
Platform
win7-20220812-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\b5feacdcdd478f8d833218d30d130dab.exe
"C:\Users\Admin\AppData\Local\Temp\b5feacdcdd478f8d833218d30d130dab.exe"
Network
| Country | Destination | Domain | Proto |
|---------|-------------|--------|-------|
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
Files
memory/544-54-0x0000000075A91000-0x0000000075A93000-memory.dmp
memory/544-55-0x00000000744E0000-0x0000000074A8B000-memory.dmp
memory/544-56-0x00000000744E0000-0x0000000074A8B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-06 11:31
Reported
2022-09-06 11:33
Platform
win10v2004-20220812-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\b5feacdcdd478f8d833218d30d130dab.exe
"C:\Users\Admin\AppData\Local\Temp\b5feacdcdd478f8d833218d30d130dab.exe"
Network
| Country | Destination | Domain | Proto |
|---------|-------------|--------|-------|
| US | 8.238.20.126:80 | | tcp |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| IE | 40.126.31.73:443 | | tcp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| US | 13.89.179.8:443 | | tcp |
| US | 8.8.8.8:53 | 14.110.152.52.in-addr.arpa | udp |
| US | 8.238.20.126:80 | | tcp |
| US | 8.238.20.126:80 | | tcp |
| US | 8.253.208.120:80 | | tcp |
| US | 8.8.8.8:53 | 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa | udp |
Files
memory/2512-132-0x0000000074B10000-0x00000000750C1000-memory.dmp
memory/2512-133-0x0000000074B10000-0x00000000750C1000-memory.dmp