njrat | e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330

Analysis

max time kernel
149s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Size

133KB
MD5

f6e448e09e086518ecf3bda3fc905597
SHA1

9927b21a219a9457ce26c40cb10d1c1691a23234
SHA256

e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330
SHA512

7417b322e70814d31d30cc9570464634e61cc2ca89bd07de8145bff4de8828aa4b55cc73399271396d432e347c375485d6f9feab98d4dc41122a799e9ea1d7df
SSDEEP

768:Etl/CdLNZDF2tbFEfJtUYHncD0q7QG7fAceFgDeu1LO:M8hNdF2lDJ1LO

Score

10^/10

njrat b hat trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

B HAT

Mutex

5ae3a9b275c7460691f6798031850b2e

Attributes

reg_key
5ae3a9b275c7460691f6798031850b2e
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeDebugPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: 33	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
Token: SeIncBasePriorityPrivilege	1952	e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe

C:\Users\Admin\AppData\Local\Temp\e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe
"C:\Users\Admin\AppData\Local\Temp\e993f71e8938186235d15fd2c6d6a04e35e561afd5accaf0dc9dc177277ef330.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-54-0x0000000000270000-0x0000000000298000-memory.dmp

Filesize
160KB

Download
memory/1952-55-0x0000000000310000-0x000000000031C000-memory.dmp

Filesize
48KB

Download
memory/1952-56-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads