Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2023 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    43KB

  • MD5

    e33dafb811a56b8295d2cfb4cac645c1

  • SHA1

    8d93eb10381a824464b4324a62735e4ec96393a4

  • SHA256

    e7ae497afab39d1799e228532ded33ea74ec4a6bf8c79964a7d0f557c7264fb4

  • SHA512

    bdb7d514aaf37ae27bc0f8e5d098fd1bde97a7e7ca1c0d5388dcb5c592f07e6ace5470100492a87223414dada4bdcd0db1875744565d199b54efff2496aa0b4f

  • SSDEEP

    384:rZy54oi98Na5yCSh1zWHjREYbul60kzsIij+ZsNO3PlpJKkkjh/TzF7pWnSSmgrq:FEiywwCQtg7WEuXQ/osC+L

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

HowToLive913-31335.portmap.host:31335

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4184-133-0x0000000000BE0000-0x0000000000BF2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4184-134-0x00000000055F0000-0x000000000568C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/4184-135-0x0000000005F20000-0x00000000064C4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4184-136-0x0000000005A10000-0x0000000005AA2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4184-137-0x0000000005860000-0x0000000005870000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4184-138-0x0000000005970000-0x000000000597A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4184-139-0x0000000005860000-0x0000000005870000-memory.dmp
    Filesize

    64KB

    Download