Overview

overview

10

Static

static

995fd129f5...08.exe

windows7-x64

10

995fd129f5...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe

  • Size

    836KB

  • MD5

    bff19d78f2c6620697bab570bef2648e

  • SHA1

    5804b28d3d61907402582df8335eb65afad219ac

  • SHA256

    995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808

  • SHA512

    afd12a85c4ef137ee64fb182a8fe45cc66abaaae52faa8e64d00663c79e0888b77a1e51e1944d5122a15c14c6bd0c390ec63984cb07a33aacf7c66443e58ed3a

  • SSDEEP

    6144:d2mt8BWL/QVFFuPEam8dyDtUj12TFkNkkKr4hu6DJk6+xKDPvaw0wPv1P0+AUWpo:poMK2EaRA+sT0kk506+nIQanQ1PVGoM

Score
10/10
njratb hattrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

B HAT

Mutex

ce52d1cdd44843d3984722ec03389671

Attributes
  • reg_key

    ce52d1cdd44843d3984722ec03389671

  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
    "C:\Users\Admin\AppData\Local\Temp\995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1612-54-0x0000000000A60000-0x0000000000B38000-memory.dmp
    Filesize

    864KB

    Download
  • memory/1612-55-0x00000000001F0000-0x00000000001FC000-memory.dmp
    Filesize

    48KB

    Download