Overview

overview

10

Static

static

3

63c74e45cb...18.exe

windows7-x64

10

63c74e45cb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    63c74e45cb4ba38e8ba6089425a6abd8

  • SHA1

    62e10fad448388f8d632a92315a3f08fb4a443e4

  • SHA256

    05b68547cddebd3ed640b6ad5d3bcedb6bc6f28655fc27e79a83158af135b774

  • SHA512

    57a2f718aaf2e498084d1e4f889f1df3572adb1905cf2691807e954beebb5d64ea37cb6671cc2936aee9e8dd7e6c315e62e8aefa1fdad711bba5b03203843f64

  • SSDEEP

    768:/EBxW6qur+oSkVuX/pvQ/kWRBBiH92xxWT52HJ4CV7I43Um:/WWYrtSfXhY/kW5iduxWT52pphI4km

Score
10/10
njrat2020trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2020

C2

monero.linkpc.net:20164

Mutex

6ec339b9056cae8141664aa65b573d66

Attributes
  • reg_key

    6ec339b9056cae8141664aa65b573d66

  • splitter

    XTTHX

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\63c74e45cb4ba38e8ba6089425a6abd8_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3436-0-0x00007FFC9BCC5000-0x00007FFC9BCC6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3436-1-0x000000001B8C0000-0x000000001B966000-memory.dmp

    Filesize

    664KB

    Download

  • memory/3436-2-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-3-0x000000001BE40000-0x000000001C30E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3436-4-0x000000001C3E0000-0x000000001C47C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3436-5-0x0000000001180000-0x0000000001188000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3436-6-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-7-0x000000001C540000-0x000000001C58C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3436-8-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-9-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-10-0x00007FFC9BCC5000-0x00007FFC9BCC6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3436-11-0x0000000001280000-0x000000000128C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3436-12-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-13-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-14-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3436-15-0x00007FFC9BA10000-0x00007FFC9C3B1000-memory.dmp

    Filesize

    9.6MB

    Download