Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 04:44
General
-
Target
b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe
-
Size
710KB
-
MD5
b0607b9f6d19118b1d96753fd3a87ef0
-
SHA1
bfb9558b6479e5aeae336b3500a034f264c49ffb
-
SHA256
5da06995af77fb06e903a02404694092fb14fb186092f072b5e2384d7434cc79
-
SHA512
3388fc8fd541d7086f973241e3e4e143601449e27b937af7c06c27ced9854b82654fda0b81e900ff72b189d1f288a86100e5f9c311149a11d81d4acbd0e02070
-
SSDEEP
12288:5rnBPqHessFFDidFkjBj4OPY1z+tNpA8pS+Se1OqoUv:5TByAFDVVjBY1zGUQhv
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7NC
Botnet
NYAN CAT
C2
seznam.zapto.org:5050
Mutex
54cc501dc54c435a83
Attributes
-
reg_key
54cc501dc54c435a83
-
splitter
@!#&^%$
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Suspicious use of AdjustPrivilegeToken 37 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2320-0-0x00000000740CE000-0x00000000740CF000-memory.dmpFilesize
4KB
-
memory/2320-1-0x0000000001160000-0x0000000001218000-memory.dmpFilesize
736KB
-
memory/2320-2-0x00000000740C0000-0x00000000747AE000-memory.dmpFilesize
6.9MB
-
memory/2320-3-0x00000000005A0000-0x0000000000606000-memory.dmpFilesize
408KB
-
memory/2320-4-0x00000000740C0000-0x00000000747AE000-memory.dmpFilesize
6.9MB
-
memory/2320-5-0x0000000000AB0000-0x0000000000ABC000-memory.dmpFilesize
48KB
-
memory/2320-6-0x00000000740CE000-0x00000000740CF000-memory.dmpFilesize
4KB
-
memory/2320-7-0x00000000740C0000-0x00000000747AE000-memory.dmpFilesize
6.9MB