Malware Analysis Report

2025-06-16 06:50

Sample ID 221010-t251tacee8
Target Client0.exe
SHA256 891ba441c920eedb471ac09b6bc60f5694a8795f53813a8158da2bf35a0b54a6
Tags
nyan cat njrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

891ba441c920eedb471ac09b6bc60f5694a8795f53813a8158da2bf35a0b54a6

Threat Level: Known bad

The file Client0.exe was found to be: Known bad.

Malicious Activity Summary

nyan cat njrat

Njrat family

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-10-10 16:34

Signatures

Njrat family

njrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-10 16:34

Reported

2022-10-10 16:36

Platform

win7-20220901-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client0.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Client0.exe

"C:\Users\Admin\AppData\Local\Temp\Client0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 nsdesks.duckdns.org udp
US 64.44.167.136:57830 nsdesks.duckdns.org tcp
US 8.8.8.8:53 nsdesks.duckdns.org udp
US 64.44.167.136:57830 nsdesks.duckdns.org tcp

Files

memory/1200-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

memory/1200-55-0x00000000748F0000-0x0000000074E9B000-memory.dmp

memory/1200-56-0x00000000748F0000-0x0000000074E9B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-10 16:34

Reported

2022-10-10 16:36

Platform

win10v2004-20220812-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client0.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Client0.exe

"C:\Users\Admin\AppData\Local\Temp\Client0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 nsdesks.duckdns.org udp
US 64.44.167.136:57830 nsdesks.duckdns.org tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 nsdesks.duckdns.org udp
US 64.44.167.136:57830 nsdesks.duckdns.org tcp

Files

memory/4408-132-0x00000000752D0000-0x0000000075881000-memory.dmp

memory/4408-133-0x00000000752D0000-0x0000000075881000-memory.dmp