Analysis Overview
SHA256
71043142d7023244da9addd9aed9c1e7ead4e99f4204d566844a5f9ef49fe1ad
Threat Level: Known bad
The file 71043142D7023244DA9ADDD9AED9C1E7EAD4E99F4204D.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-07 22:31
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-07 22:31
Reported
2022-10-07 22:33
Platform
win7-20220812-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\71043142D7023244DA9ADDD9AED9C1E7EAD4E99F4204D.exe
"C:\Users\Admin\AppData\Local\Temp\71043142D7023244DA9ADDD9AED9C1E7EAD4E99F4204D.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | svchost.ydns.eu | udp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
Files
memory/1248-54-0x0000000075351000-0x0000000075353000-memory.dmp
memory/1248-55-0x00000000747F0000-0x0000000074D9B000-memory.dmp
memory/1248-56-0x00000000747F0000-0x0000000074D9B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-07 22:31
Reported
2022-10-07 22:33
Platform
win10v2004-20220901-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\71043142D7023244DA9ADDD9AED9C1E7EAD4E99F4204D.exe
"C:\Users\Admin\AppData\Local\Temp\71043142D7023244DA9ADDD9AED9C1E7EAD4E99F4204D.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | svchost.ydns.eu | udp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| US | 20.189.173.15:443 | | tcp |
| FR | 2.18.109.224:443 | | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
| ES | 83.59.237.34:5553 | svchost.ydns.eu | tcp |
Files
memory/4396-132-0x00000000753C0000-0x0000000075971000-memory.dmp
memory/4396-133-0x00000000753C0000-0x0000000075971000-memory.dmp