Analysis Overview
SHA256
891ba441c920eedb471ac09b6bc60f5694a8795f53813a8158da2bf35a0b54a6
Threat Level: Known bad
The file Client0.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-10 16:34
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-10 16:34
Reported
2022-10-10 16:36
Platform
win7-20220901-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\Client0.exe
"C:\Users\Admin\AppData\Local\Temp\Client0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | nsdesks.duckdns.org | udp |
| US | 64.44.167.136:57830 | nsdesks.duckdns.org | tcp |
| US | 8.8.8.8:53 | nsdesks.duckdns.org | udp |
| US | 64.44.167.136:57830 | nsdesks.duckdns.org | tcp |
Files
memory/1200-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp
memory/1200-55-0x00000000748F0000-0x0000000074E9B000-memory.dmp
memory/1200-56-0x00000000748F0000-0x0000000074E9B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-10 16:34
Reported
2022-10-10 16:36
Platform
win10v2004-20220812-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\Client0.exe
"C:\Users\Admin\AppData\Local\Temp\Client0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | nsdesks.duckdns.org | udp |
| US | 64.44.167.136:57830 | nsdesks.duckdns.org | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 8.8.8.8:53 | nsdesks.duckdns.org | udp |
| US | 64.44.167.136:57830 | nsdesks.duckdns.org | tcp |
Files
memory/4408-132-0x00000000752D0000-0x0000000075881000-memory.dmp
memory/4408-133-0x00000000752D0000-0x0000000075881000-memory.dmp