Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 22:48
General
-
Target
6bdf6b0301c26b172abb7f55c3f3cf2070671314bcd3b0829187ef326902227f.exe
-
Size
213KB
-
MD5
24b77146a7c809ba5df8a37f19b68076
-
SHA1
a799ed58e846ce84a480c0d84fc6771364a6d315
-
SHA256
6bdf6b0301c26b172abb7f55c3f3cf2070671314bcd3b0829187ef326902227f
-
SHA512
83f82905f94b67a5b736340385613236f561449bf42f38ff21f4d181cbb94858606821bfb70c9e60fc6b96465a2c486c5f12185bf59bda8ee6e3af0fb00fcf61
-
SSDEEP
1536:muY/1ETEI+0XKRJRWevsJwcivfhmwXmMUAAAAAMA:hYtETNKRCeJNhDWMUAAAAAMA
Score
10/10
Malware Config
Extracted
Family
njrat
Version
v2.0
Botnet
HacKed
C2
127.0.0.1:1528
Mutex
Windows
Attributes
-
reg_key
Windows
-
splitter
|-F-|
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Detects executables using attrib with suspicious attributes attributes 5 IoCs
-
Detects file containing reversed ASEP Autorun registry keys 5 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6bdf6b0301c26b172abb7f55c3f3cf2070671314bcd3b0829187ef326902227f.exe"C:\Users\Admin\AppData\Local\Temp\6bdf6b0301c26b172abb7f55c3f3cf2070671314bcd3b0829187ef326902227f.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4083⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1832-0-0x0000000074A71000-0x0000000074A72000-memory.dmpFilesize
4KB
-
memory/1832-1-0x0000000074A70000-0x000000007501B000-memory.dmpFilesize
5.7MB
-
memory/1832-2-0x0000000074A70000-0x000000007501B000-memory.dmpFilesize
5.7MB
-
memory/1832-20-0x0000000074A70000-0x000000007501B000-memory.dmpFilesize
5.7MB
-
memory/2496-19-0x00000000029B0000-0x00000000029B1000-memory.dmpFilesize
4KB
-
memory/2668-15-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-9-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-13-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmpFilesize
4KB
-
memory/2668-7-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-17-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-18-0x0000000074A70000-0x000000007501B000-memory.dmpFilesize
5.7MB
-
memory/2668-5-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-3-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2668-21-0x0000000074A70000-0x000000007501B000-memory.dmpFilesize
5.7MB