Analysis Overview
SHA256
9dd09a60c4df0f14a01cf7a3d6e01739ce01589a85996659c802d9177b736cf9
Threat Level: Known bad
The file tmp was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-07 07:47
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-07 07:47
Reported
2022-09-07 07:50
Platform
win7-20220812-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
Files
memory/1408-54-0x00000000750A1000-0x00000000750A3000-memory.dmp
memory/1408-55-0x0000000074290000-0x000000007483B000-memory.dmp
memory/1408-56-0x0000000074290000-0x000000007483B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-07 07:47
Reported
2022-09-07 07:50
Platform
win10v2004-20220812-en
Max time kernel
150s
Max time network
143s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| IE | 13.69.239.72:443 | | tcp |
| US | 204.79.197.200:443 | | tcp |
| US | 104.21.86.228:443 | | tcp |
| US | 188.114.97.0:443 | | tcp |
| US | 188.114.96.0:80 | | tcp |
| US | 172.67.202.54:443 | | tcp |
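The two Network tables above are the most actionable part of this report: both detonations resolve antivirus-helper.publicvm.com via 8.8.8.8 and then connect to 136.243.111.71 on TCP port 741, while only the Windows 10 run adds a handful of domain-less HTTPS connections. The script below is an added example, not part of the sandbox report, that parses both tables, tolerates the row layout as extracted (domain-less rows with the protocol shifted into the Domain column, or a properly empty Domain cell), separates the shared dynamic-DNS C2 endpoint from run-specific background traffic, and counts connection attempts. The list of dynamic-DNS zones is an assumption for the example; publicvm.com is in it because this sample uses it.

```python
"""Parse the Network tables of the two detonations above, separate the sample's
own C2 traffic from sandbox background noise, and emit a compact IOC list."""
from collections import Counter

# Network rows copied from the report (constructed copy of the two tables;
# behavioral2's domain-less rows keep the shifted cells the extraction produced).
BEHAVIORAL1 = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
"""

BEHAVIORAL2 = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | antivirus-helper.publicvm.com | udp |
| DE | 136.243.111.71:741 | antivirus-helper.publicvm.com | tcp |
| IE | 13.69.239.72:443 | tcp | |
| US | 204.79.197.200:443 | tcp | |
| US | 104.21.86.228:443 | tcp | |
| US | 188.114.97.0:443 | tcp | |
| US | 188.114.96.0:80 | tcp | |
| US | 172.67.202.54:443 | tcp |
"""

# Free dynamic-DNS zones treated as suspicious when paired with a non-web port.
# This list is an assumption of the example; publicvm.com is the zone this sample uses.
DDNS_ZONES = {"publicvm.com", "duckdns.org", "no-ip.org", "ddns.net"}
WEB_PORTS = {80, 443}
PROTOS = {"tcp", "udp"}


def parse_rows(table):
    """Return one dict per table row. Accepts rows whose Domain cell is empty
    and rows where extraction shifted the protocol into the Domain column."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0].lower() == "country":
            continue
        country, dest = cells[0], cells[1]
        rest = [c for c in cells[2:] if c]
        if len(rest) == 1 and rest[0] in PROTOS:
            domain, proto = "", rest[0]        # no resolved domain for this flow
        else:
            domain, proto = rest[0], rest[1]
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_ddns(domain):
    return any(domain == z or domain.endswith("." + z) for z in DDNS_ZONES)


def classify(row):
    """Label a row: resolver query, likely C2, unattributed background, or other."""
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns"
    if not row["domain"]:
        return "unattributed"
    if is_ddns(row["domain"]) and row["port"] not in WEB_PORTS:
        return "c2"
    return "other"


def endpoint(row):
    return (row["ip"], row["port"], row["proto"])


def summarize(*tables):
    """Differential view across detonations: endpoints contacted in every run are
    far more likely the sample's own; run-specific ones are usually platform noise."""
    runs = [parse_rows(t) for t in tables]
    per_run = [set(endpoint(r) for r in rows) for rows in runs]
    common = set.intersection(*per_run)
    run_specific = set.union(*per_run) - common
    attempts = Counter(endpoint(r) for rows in runs for r in rows)
    c2 = sorted({(r["domain"], r["ip"], r["port"], r["proto"])
                 for rows in runs for r in rows if classify(r) == "c2"})
    return {"c2": c2, "common": common,
            "run_specific": run_specific, "attempts": dict(attempts)}


if __name__ == "__main__":
    s = summarize(BEHAVIORAL1, BEHAVIORAL2)
    for d, ip, port, proto in s["c2"]:
        n = s["attempts"][(ip, port, proto)]
        print(f"C2 {d} -> {ip}:{port}/{proto} ({n} connection attempts)")
    print("seen in every run:", sorted(s["common"]))
    print("seen in one run only:", len(s["run_specific"]), "endpoints")
```

The differential step is the point: the DNS lookup and the port-741 connection appear in both the Windows 7 and Windows 10 runs, so they belong to the sample, whereas the six HTTPS endpoints appear only in the Windows 10 run and should not be promoted to IOCs without further attribution. The repeated port-741 rows in behavioral1 are kept as separate connection attempts, which is why the counter reports three across the two runs.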
Files
memory/3280-132-0x0000000075440000-0x00000000759F1000-memory.dmp
memory/3280-133-0x0000000075440000-0x00000000759F1000-memory.dmp