Overview

overview

10

Static

static

3

b88fab508a...05.exe

windows7-x64

10

b88fab508a...05.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b88fab508a92dad0cf5b4ae5042c1a32c5dbf5d555c816a49fdc76f2370b7205.exe

  • Size

    26KB

  • MD5

    0282468e9f1de071b19373581696e846

  • SHA1

    b638adb1d995139824b04efea9e2881a7c6d5e75

  • SHA256

    b88fab508a92dad0cf5b4ae5042c1a32c5dbf5d555c816a49fdc76f2370b7205

  • SHA512

    fb49dcfc04491dfba933185c9f2b5d7504a0fb3684a2cbb5ba41a0adbdafe944310773bb35dc8815837f5d84c6ea758ed902adf68e0522dc4a3cf00e9838bbbe

  • SSDEEP

    384:tLd6aaZIVi/dMkt1cpDkjetHzCYe/iBY2OzRLTm3yilqr63tbctVvGf:9T0IVi/dMc1uT5e/gsEKVvGf

Score
10/10
njrattrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b88fab508a92dad0cf5b4ae5042c1a32c5dbf5d555c816a49fdc76f2370b7205.exe
    "C:\Users\Admin\AppData\Local\Temp\b88fab508a92dad0cf5b4ae5042c1a32c5dbf5d555c816a49fdc76f2370b7205.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4708-1-0x0000000074730000-0x0000000074EE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4708-0-0x0000000000B70000-0x0000000000B7C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4708-2-0x0000000005610000-0x00000000056AC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4708-3-0x0000000005C60000-0x0000000006204000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4708-4-0x00000000057F0000-0x0000000005800000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5-0x0000000005900000-0x0000000005992000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4708-6-0x00000000055F0000-0x00000000055FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4708-7-0x0000000074730000-0x0000000074EE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4708-8-0x00000000057F0000-0x0000000005800000-memory.dmp

    Filesize

    64KB

    Download