Analysis Overview
SHA256
20c5e774a278d6bc585aa030df85baeb6e27445b5fe1a34ae48a48898dc8604b
Threat Level: Known bad
The file P.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-10 16:34
Signatures
Njrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-10 16:34
Reported
2022-10-10 16:36
Platform
win7-20220812-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\P.exe
"C:\Users\Admin\AppData\Local\Temp\P.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | njpe.duckdns.org | udp |
| US | 64.44.115.185:35999 | njpe.duckdns.org | tcp |
Files
memory/828-54-0x0000000075A11000-0x0000000075A13000-memory.dmp
memory/828-55-0x0000000074240000-0x00000000747EB000-memory.dmp
memory/828-56-0x0000000074240000-0x00000000747EB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-10 16:34
Reported
2022-10-10 16:36
Platform
win10v2004-20220812-en
Max time kernel
149s
Max time network
145s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\P.exe
"C:\Users\Admin\AppData\Local\Temp\P.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | njpe.duckdns.org | udp |
| US | 64.44.115.185:35999 | njpe.duckdns.org | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 104.80.225.205:443 | | tcp |
| IE | 13.69.239.73:443 | | tcp |
| US | 8.8.8.8:53 | 176.122.125.40.in-addr.arpa | udp |
Files
memory/1616-132-0x0000000074C60000-0x0000000075211000-memory.dmp
memory/1616-133-0x0000000074C60000-0x0000000075211000-memory.dmp