Overview

overview

10

Static

static

3

63c74e45cb...18.exe

windows7-x64

10

63c74e45cb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    63c74e45cb4ba38e8ba6089425a6abd8

  • SHA1

    62e10fad448388f8d632a92315a3f08fb4a443e4

  • SHA256

    05b68547cddebd3ed640b6ad5d3bcedb6bc6f28655fc27e79a83158af135b774

  • SHA512

    57a2f718aaf2e498084d1e4f889f1df3572adb1905cf2691807e954beebb5d64ea37cb6671cc2936aee9e8dd7e6c315e62e8aefa1fdad711bba5b03203843f64

  • SSDEEP

    768:/EBxW6qur+oSkVuX/pvQ/kWRBBiH92xxWT52HJ4CV7I43Um:/WWYrtSfXhY/kW5iduxWT52pphI4km

Score
10/10
njrat2020trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2020

C2

monero.linkpc.net:20164

Mutex

6ec339b9056cae8141664aa65b573d66

Attributes
  • reg_key

    6ec339b9056cae8141664aa65b573d66

  • splitter

    XTTHX

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2240-0-0x000007FEF555E000-0x000007FEF555F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-1-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2240-2-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2240-3-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2240-4-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2240-5-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2240-6-0x0000000000540000-0x000000000054C000-memory.dmp

    Filesize

    48KB

    Download