Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/02/2023, 15:58

General

  • Target

    ace3e0bd095eee38c540eea858dd73c0.exe

  • Size

    814KB

  • MD5

    ace3e0bd095eee38c540eea858dd73c0

  • SHA1

    d63a3c32bcfcf01bea156f70d6f5bd0ffb759623

  • SHA256

    9acaaa5be33bd847e2d5925b3555db028f02c251791efa21f05f7252a3f09f34

  • SHA512

    ae332b2e823bb9bec63471aabb8d39eba20ca2c138ef830eae5291e85dda3a3c3facaca17e6142a82f4ad330592809ab7842261c196d8a2bef3fd06fb8658089

  • SSDEEP

    12288:tCPg2DW7/6ZUbnPXGm+x5PQbY56Jx1g83YhN2ohF+rcgv:tcHW7/0NPv8JxZ3Yh8ohF+4

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

seznam.zapto.org:5050

Mutex

1e21c2fe0de74

Attributes
  • reg_key

    1e21c2fe0de74

  • splitter

    @!#&^%$

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ace3e0bd095eee38c540eea858dd73c0.exe
    "C:\Users\Admin\AppData\Local\Temp\ace3e0bd095eee38c540eea858dd73c0.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1256

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1256-54-0x0000000000FB0000-0x0000000001080000-memory.dmp

    Filesize

    832KB

  • memory/1256-55-0x0000000076531000-0x0000000076533000-memory.dmp

    Filesize

    8KB

  • memory/1256-56-0x00000000047B0000-0x0000000004802000-memory.dmp

    Filesize

    328KB

  • memory/1256-57-0x0000000000D60000-0x0000000000D6C000-memory.dmp

    Filesize

    48KB

  • memory/1256-58-0x0000000004855000-0x0000000004866000-memory.dmp

    Filesize

    68KB

  • memory/1256-59-0x0000000004855000-0x0000000004866000-memory.dmp

    Filesize

    68KB