Malware Analysis Report

2025-06-16 06:49

Sample ID 220907-jm21habch5
Target tmp
SHA256 9dd09a60c4df0f14a01cf7a3d6e01739ce01589a85996659c802d9177b736cf9
Tags
nyan cat njrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9dd09a60c4df0f14a01cf7a3d6e01739ce01589a85996659c802d9177b736cf9

Threat Level: Known bad

The file tmp was found to be: Known bad.

Malicious Activity Summary

nyan cat njrat

Njrat family

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-09-07 07:47

Signatures

Njrat family

njrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-07 07:47

Reported

2022-09-07 07:50

Platform

win7-20220812-en

Max time kernel

145s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 antivirus-helper.publicvm.com udp
DE 136.243.111.71:741 antivirus-helper.publicvm.com tcp
DE 136.243.111.71:741 antivirus-helper.publicvm.com tcp

Files

memory/1408-54-0x00000000750A1000-0x00000000750A3000-memory.dmp

memory/1408-55-0x0000000074290000-0x000000007483B000-memory.dmp

memory/1408-56-0x0000000074290000-0x000000007483B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-09-07 07:47

Reported

2022-09-07 07:50

Platform

win10v2004-20220812-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 antivirus-helper.publicvm.com udp
DE 136.243.111.71:741 antivirus-helper.publicvm.com tcp
IE 13.69.239.72:443 tcp
US 204.79.197.200:443 tcp
US 104.21.86.228:443 tcp
US 188.114.97.0:443 tcp
US 188.114.96.0:80 tcp
US 172.67.202.54:443 tcp

Files

memory/3280-132-0x0000000075440000-0x00000000759F1000-memory.dmp

memory/3280-133-0x0000000075440000-0x00000000759F1000-memory.dmp