Overview

overview

10

Static

static

3

defec41579...20.exe

windows7-x64

10

defec41579...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2023, 13:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    defec415793e9bcf719f0858df5b8415a8919bf4c10d67deef03776e089bda20.exe

  • Size

    26KB

  • MD5

    d732678890d2daad454b44744cae44b4

  • SHA1

    c9f9a49de61b7c5ef1b647040f670c47443cd586

  • SHA256

    defec415793e9bcf719f0858df5b8415a8919bf4c10d67deef03776e089bda20

  • SHA512

    56c943b2c5ed4bbada9bb705282af3f8881a5e0a5f79304dd541e9073e18dec4e949e34a6f3714fd10157477e7e7d7c464809571883c96328b24f06185f17284

  • SSDEEP

    384:5Ld6Q72JyPo3Cj3P9teToser2HzCYe/8Y2OzRLTm3yilqr6vJbctVvG6f:Jj2yPoSjf9teTw2T5e/8s0eVvGk

Score
10/10
njrattrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\defec415793e9bcf719f0858df5b8415a8919bf4c10d67deef03776e089bda20.exe
    "C:\Users\Admin\AppData\Local\Temp\defec415793e9bcf719f0858df5b8415a8919bf4c10d67deef03776e089bda20.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4388

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4388-0-0x0000000000380000-0x000000000038C000-memory.dmp

          Filesize

          48KB

          Download

        • memory/4388-1-0x00000000747E0000-0x0000000074F90000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4388-2-0x0000000004D30000-0x0000000004DCC000-memory.dmp

          Filesize

          624KB

          Download

        • memory/4388-3-0x0000000005420000-0x00000000059C4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4388-4-0x0000000004F10000-0x0000000004F20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4388-5-0x0000000005120000-0x00000000051B2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4388-6-0x0000000005CB0000-0x0000000005CBA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4388-7-0x00000000747E0000-0x0000000074F90000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4388-8-0x0000000004F10000-0x0000000004F20000-memory.dmp

          Filesize

          64KB

          Download