Overview

overview

10

Static

static

3

b0607b9f6d...cs.exe

windows7-x64

10

b0607b9f6d...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-05-2024 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe

  • Size

    710KB

  • MD5

    b0607b9f6d19118b1d96753fd3a87ef0

  • SHA1

    bfb9558b6479e5aeae336b3500a034f264c49ffb

  • SHA256

    5da06995af77fb06e903a02404694092fb14fb186092f072b5e2384d7434cc79

  • SHA512

    3388fc8fd541d7086f973241e3e4e143601449e27b937af7c06c27ced9854b82654fda0b81e900ff72b189d1f288a86100e5f9c311149a11d81d4acbd0e02070

  • SSDEEP

    12288:5rnBPqHessFFDidFkjBj4OPY1z+tNpA8pS+Se1OqoUv:5TByAFDVVjBY1zGUQhv

Score
10/10
njratnyan cattrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

seznam.zapto.org:5050

Mutex

54cc501dc54c435a83

Attributes
  • reg_key

    54cc501dc54c435a83

  • splitter

    @!#&^%$

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b0607b9f6d19118b1d96753fd3a87ef0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-0-0x000000007449E000-0x000000007449F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1688-1-0x0000000000410000-0x00000000004C8000-memory.dmp
    Filesize

    736KB

    Download
  • memory/1688-2-0x0000000005340000-0x00000000058E4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1688-3-0x0000000004E70000-0x0000000004F02000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1688-4-0x0000000004FB0000-0x000000000504C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1688-5-0x0000000004F30000-0x0000000004F3A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1688-6-0x0000000005140000-0x0000000005196000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1688-7-0x0000000074490000-0x0000000074C40000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/1688-8-0x0000000005280000-0x00000000052E6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1688-9-0x0000000074490000-0x0000000074C40000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/1688-10-0x0000000005330000-0x000000000533C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1688-11-0x00000000064A0000-0x0000000006506000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1688-12-0x000000007449E000-0x000000007449F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1688-13-0x0000000074490000-0x0000000074C40000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/1688-14-0x0000000074490000-0x0000000074C40000-memory.dmp
    Filesize

    7.7MB

    Download