Analysis Overview
SHA256
459339ad24f46b7d4d28e0badbc1eac08f16af67c88ccde5cbd9b4fd99ee46ab
Threat Level: Known bad
The file bF16.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-30 00:08
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-30 00:08
Reported
2022-09-30 00:10
Platform
win7-20220812-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\bF16.exe
"C:\Users\Admin\AppData\Local\Temp\bF16.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | winry7.duckdns.org | udp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| US | 8.8.8.8:53 | winry7.duckdns.org | udp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
Files
memory/1456-54-0x00000000768A1000-0x00000000768A3000-memory.dmp
memory/1456-55-0x0000000074C70000-0x000000007521B000-memory.dmp
memory/1456-56-0x0000000074C70000-0x000000007521B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-30 00:08
Reported
2022-09-30 00:10
Platform
win10v2004-20220812-en
Max time kernel
84s
Max time network
96s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\bF16.exe
"C:\Users\Admin\AppData\Local\Temp\bF16.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | winry7.duckdns.org | udp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.242.101.226:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.242.97.97:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.242.101.226:443 | | tcp |
| CO | 177.255.84.82:8787 | | tcp |
| N/A | 52.168.117.170:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.109.8.45:443 | | tcp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | winry7.duckdns.org | udp |
| CO | 177.255.84.82:8787 | winry7.duckdns.org | tcp |
Files
memory/4656-132-0x0000000075580000-0x0000000075B31000-memory.dmp
memory/4656-133-0x0000000075580000-0x0000000075B31000-memory.dmp
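The two Network tables and the memory-dump names above are raw sandbox output; turning them into indicators takes a little work, because the resolver queries to 8.8.8.8:53 are not C2 traffic, several 177.255.84.82:8787 rows carry no domain, and the remaining destinations have no name in the report at all. The following Python is an added example written for this page, not code from the sandbox vendor or the report: it takes rows shaped like the tables above (a constructed subset is embedded inline), drops DNS resolver traffic, merges every connection to the same ip:port and attributes it to whatever domain a sibling row supplied, ranks destinations whose name is on a dynamic-DNS provider first, and parses the `memory/<pid>-<n>-<start>-<end>-memory.dmp` file names into PID and region size. The DYNDNS_SUFFIXES list is an assumption for the example; the report itself only shows duckdns.org.

```python
import re

# Constructed sample rows in the shape of the report's Network tables:
# (Country, Destination, Domain, Proto). An empty Domain means the report
# listed no name for that connection.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "winry7.duckdns.org", "udp"),
    ("CO", "177.255.84.82:8787", "winry7.duckdns.org", "tcp"),
    ("CO", "177.255.84.82:8787", "winry7.duckdns.org", "tcp"),
    ("US", "8.8.8.8:53", "", "udp"),
    ("N/A", "52.242.101.226:443", "", "tcp"),
    ("US", "93.184.221.240:80", "", "tcp"),
    ("CO", "177.255.84.82:8787", "", "tcp"),
    ("CO", "177.255.84.82:8787", "winry7.duckdns.org", "tcp"),
]

# Dynamic-DNS providers that RAT operators commonly use so a C2 survives
# IP changes. Assumed list for this example; the report only shows duckdns.org.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net", ".hopto.org")

# Sandbox memory-dump naming as seen in the Files sections above.
MEMDUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp"
)


def split_dest(dest):
    """'1.2.3.4:8787' -> ('1.2.3.4', 8787)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def is_dns(dest, proto):
    """Resolver lookups are not C2 traffic; skip them."""
    return split_dest(dest)[1] == 53 and proto == "udp"


def extract_c2(rows):
    """Merge non-DNS rows per ip:port and attach any domain a sibling row had."""
    candidates = {}
    for country, dest, domain, proto in rows:
        if is_dns(dest, proto):
            continue
        rec = candidates.setdefault(
            dest, {"country": country, "proto": proto, "domains": set(), "count": 0}
        )
        rec["count"] += 1
        if domain:
            rec["domains"].add(domain)
    for rec in candidates.values():
        rec["dyndns"] = any(d.endswith(DYNDNS_SUFFIXES) for d in rec["domains"])
    return candidates


def rank_c2(rows):
    """Destinations named via dynamic DNS first, then by connection count."""
    return sorted(
        extract_c2(rows).items(),
        key=lambda kv: (not kv[1]["dyndns"], -kv[1]["count"]),
    )


def iocs(rows):
    """Blocklist entries: only destinations the report ties to a dynamic-DNS name.
    Unnamed destinations are left out; nothing on the page links them to the sample."""
    out = set()
    for dest, rec in extract_c2(rows).items():
        if rec["dyndns"]:
            out.add(dest)
            out.update(rec["domains"])
    return sorted(out)


def parse_memdump(name):
    """Return pid, dump index, region bounds and size, or None if the name does not match."""
    m = MEMDUMP_RE.fullmatch(name)
    if not m:
        return None
    pid, idx, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return {"pid": int(pid), "index": int(idx), "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    for dest, rec in rank_c2(NETWORK_ROWS):
        print(f"{dest:24} {rec['proto']} x{rec['count']} "
              f"dyndns={rec['dyndns']} {sorted(rec['domains'])}")
    print("blocklist:", iocs(NETWORK_ROWS))
    d = parse_memdump("memory/1456-55-0x0000000074C70000-0x000000007521B000-memory.dmp")
    print(f"pid={d['pid']} region size=0x{d['size']:X}")
```

Run against the full tables, the ranking puts 177.255.84.82:8787 on top because it is the only destination the report pairs with winry7.duckdns.org; the 52.x and 93.184.221.240 destinations stay unnamed and are deliberately kept out of the blocklist rather than guessed at. The region sizes from the two runs (0x5AB000 bytes at 0x74C70000 on win7, 0x5B1000 bytes at 0x75580000 on win10v2004) are what a dump triage script would carry forward for further analysis.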