Malware Analysis Report

2025-06-16 06:49

Sample ID 221010-t26bkscee9
Target P.exe
SHA256 20c5e774a278d6bc585aa030df85baeb6e27445b5fe1a34ae48a48898dc8604b
Tags
nyan cat njrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

20c5e774a278d6bc585aa030df85baeb6e27445b5fe1a34ae48a48898dc8604b

Threat Level: Known bad

The file P.exe was found to be: Known bad.

Malicious Activity Summary

nyan cat njrat

Njrat family

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-10-10 16:34

Signatures

Njrat family

njrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-10 16:34

Reported

2022-10-10 16:36

Platform

win7-20220812-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\P.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\P.exe

"C:\Users\Admin\AppData\Local\Temp\P.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 njpe.duckdns.org udp
US 64.44.115.185:35999 njpe.duckdns.org tcp

Files

memory/828-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

memory/828-55-0x0000000074240000-0x00000000747EB000-memory.dmp

memory/828-56-0x0000000074240000-0x00000000747EB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-10 16:34

Reported

2022-10-10 16:36

Platform

win10v2004-20220812-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\P.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\P.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\P.exe

"C:\Users\Admin\AppData\Local\Temp\P.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 njpe.duckdns.org udp
US 64.44.115.185:35999 njpe.duckdns.org tcp
US 93.184.220.29:80 tcp
US 93.184.221.240:80 tcp
NL 104.80.225.205:443 tcp
IE 13.69.239.73:443 tcp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp

Files

memory/1616-132-0x0000000074C60000-0x0000000075211000-memory.dmp

memory/1616-133-0x0000000074C60000-0x0000000075211000-memory.dmp