Analysis
  max time kernel:  149s
  max time network: 154s
  platform:         windows7_x64
  resource:         win7-20220901-en
  resource tags:    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  submitted:        03-10-2022 07:46
Behavioral task: behavioral1
  Sample:   2e5a045992e9c4484567533fd26794e1.exe
  Resource: win7-20220901-en (windows7-x64)
  3 signatures, 150 seconds
General
  Target: 2e5a045992e9c4484567533fd26794e1.exe
  Size:   43KB
  MD5:    2e5a045992e9c4484567533fd26794e1
  SHA1:   9519058a4bbbbc269bc23b270abf12c30b461701
  SHA256: aa6249c70448ad3d8f7c2555b5347408728dba237009f51066086729e680ba6c
  SHA512: f042ddcc21ee1daee8bfc0e78479c7211b95d80368efde45b6cb84c6b9c1f3807867874d58793358800a4eb72ab970e483d9bbcc8081323d99843313dab8043a
  SSDEEP: 384:78ZygjqyCEFmVoyb37ilaY2EdizMgh+zEIij+ZsNO3PlpJKkkjh/TzF7pWnpmgrq:761jqyVAVlbLCHKQgWuXQ/ooC+L
Malware Config (Extracted)
  Family:  njrat
  Version: Njrat 0.7 Golden By Hassan Amiri
  Botnet:  HacKed
  C2:      0.tcp.eu.ngrok.io:18211
  Mutex:   Windows Update
  Attributes:
    reg_key:  Windows Update
    splitter: |Hassan|
Signatures

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
    pid   process
    1376  2e5a045992e9c4484567533fd26794e1.exe

Suspicious use of AdjustPrivilegeToken (21 IoCs)
  Processes:
    description                           pid   process
    Token: SeDebugPrivilege               1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: 33                             1376  2e5a045992e9c4484567533fd26794e1.exe
    Token: SeIncBasePriorityPrivilege     1376  2e5a045992e9c4484567533fd26794e1.exe