njrat | b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a

Analysis

max time kernel
153s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Size

39KB
MD5

623415373058b612f362b55dcea0a3ac
SHA1

637bff768e494b09665ccb3ab6b6d97f915a7020
SHA256

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a
SHA512

93a2f746066897542829ca618fd8e611f237256bda05857e4198a49773658a6345e9000c4c666b3480768e88262fa77cb03bf0523477a9ed3c31e5c6a7a4a21d
SSDEEP

768:ppD+Zwq3r1uFbaYh+Jnq7az+xRug+n2hpUE+fDNkQp6HwfegB:XD+HZuY5q7az+GgDbUfZkQTfea

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes:

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe

description	pid	process
Token: SeDebugPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	2148	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe

C:\Users\Admin\AppData\Local\Temp\b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
"C:\Users\Admin\AppData\Local\Temp\b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-132-0x0000000000F90000-0x0000000000FA0000-memory.dmp

Filesize
64KB

Download
memory/2148-133-0x0000000005920000-0x00000000059BC000-memory.dmp

Filesize
624KB

Download
memory/2148-134-0x0000000006170000-0x0000000006714000-memory.dmp

Filesize
5.6MB

Download
memory/2148-135-0x0000000005DD0000-0x0000000005E62000-memory.dmp

Filesize
584KB

Download
memory/2148-136-0x0000000006060000-0x000000000606A000-memory.dmp

Filesize
40KB

Download