Analysis
max time kernel: 148s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 27/01/2024, 02:01

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Resource: win7-20231129-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: 78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Resource: win10v2004-20231222-en
4 signatures
150 seconds
General
Target: 78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Size: 25KB
MD5: 78fd42f0ec9a7ecf52ef805bf3d1db88
SHA1: f917d69c6a8f51f47d2a8dd4f92a54c974ab01f7
SHA256: 8cf4c92a9e57a674510432fbda9543c350d3191aca49844f39e01fb4145a0a9f
SHA512: 4471c05eb0378bab820a4fa4595ec14a5a66b5099401b6c17414ace59da992a4f979337099622675be9dbb012212f21dffe89ae16aa10efbf41c8df7b732e97b
SSDEEP: 768:QL+C2aKZGdp0WAhO4aaQeXixmqenlMMVX:Qf11AhPnXiknlMUX
Malware Config
Extracted
Family: njrat
Version: SH Stub
Mutex: CARDDfTfqdeb
Attributes:
  reg_key: CARDDfTfqdeb
  splitter: |'|'|
Signatures
Suspicious use of AdjustPrivilegeToken 29 IoCs

description                          pid   Process
Token: SeDebugPrivilege              1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: 33                            1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe
Token: SeIncBasePriorityPrivilege    1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe

Suspicious use of WriteProcessMemory 3 IoCs

description                          pid   Process                               procid_target
PID 1068 wrote to memory of 2148     1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe  28
PID 1068 wrote to memory of 2148     1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe  28
PID 1068 wrote to memory of 2148     1068  78fd42f0ec9a7ecf52ef805bf3d1db88.exe  28