Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/02/2024, 08:47

General

  • Target

    8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe

  • Size

    29KB

  • MD5

    aaf00b53df385ee3e4a34e3712ec0636

  • SHA1

    f6e75b61bef2a1075eae83790dedb0dc41e26acf

  • SHA256

    8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521

  • SHA512

    b49ff6ff7f2045de7b938d6cf0b7777258559d209d43b5b8bf0743e224e163d91f40d9b10ae09d7e46dc0b9c00ad0636933c898ae84b0be42cd0fc8071edfb6e

  • SSDEEP

    768:AJ9YS3WB+eetzo8ao3uqzAKxwGrdSEy5Z:09hWetzZuewmkZ

Score
10/10

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4184
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" "8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:964

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/4184-0-0x00000000746F0000-0x0000000074CA1000-memory.dmp

          Filesize

          5.7MB

        • memory/4184-1-0x0000000001990000-0x00000000019A0000-memory.dmp

          Filesize

          64KB

        • memory/4184-2-0x00000000746F0000-0x0000000074CA1000-memory.dmp

          Filesize

          5.7MB

        • memory/4184-3-0x00000000746F0000-0x0000000074CA1000-memory.dmp

          Filesize

          5.7MB

        • memory/4184-4-0x0000000001990000-0x00000000019A0000-memory.dmp

          Filesize

          64KB

        • memory/4184-5-0x00000000746F0000-0x0000000074CA1000-memory.dmp

          Filesize

          5.7MB