njrat | 01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac

General

Target

01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Size

432KB
MD5

9f8e2a486b7597c426188a6530c10907
SHA1

c3f87975be7f7e7639593833a9f569de15909346
SHA256

01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac
SHA512

c7ee008af0e94eee737a345201813faf9c5e0dd7db5c5fb254e6c306df32e6794bd698c4feb6f1a9e1dccbfaf2bb07c61e02ceae3463c8e3c1724214b2238658
SSDEEP

12288:ygKEX29rzlwBK9lPx/MiTA119tdgUVcwR+45:ygK0MrzmBSlP8Nf

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of SetThreadContext 1 IoCs

Processes:

01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

description	pid	process	target process
PID 2036 set thread context of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

description	pid	process
Token: SeDebugPrivilege	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeDebugPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: 33	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
Token: SeIncBasePriorityPrivilege	1968	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

description	pid	process	target process
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
PID 2036 wrote to memory of 1968	2036	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe	01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe

C:\Users\Admin\AppData\Local\Temp\01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
"C:\Users\Admin\AppData\Local\Temp\01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2036

C:\Users\Admin\AppData\Local\Temp\01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
C:\Users\Admin\AppData\Local\Temp\01292f2d36798d283f69fedb2d99e2d49bcaba70b4e9d0ca29a263f530d27dac.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-56-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1968-57-0x000000000040A31E-mapping.dmp

Download
memory/1968-59-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1968-61-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1968-64-0x0000000074F50000-0x00000000754FB000-memory.dmp

Filesize
5.7MB

Download
memory/1968-65-0x0000000074F50000-0x00000000754FB000-memory.dmp

Filesize
5.7MB

Download
memory/2036-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000074F50000-0x00000000754FB000-memory.dmp

Filesize
5.7MB

Download
memory/2036-63-0x0000000074F50000-0x00000000754FB000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads