Analysis

Max time kernel: 150s
Max time network: 153s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 28-05-2024 19:12
Behavioral task: behavioral1

Sample: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe
Resource: win7-20240221-en
Signatures: 4
Run time: 150 seconds
General

Target: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe
Size: 43KB
MD5: 7e121766e1e15b833eced37bd8bac0e8
SHA1: 73cec3925cdddfb4ee52e992a4725f3bf2c7a33c
SHA256: 51f4f99522b25451cdbe601649aff5137aa3c7b5fd5bccfe936a11f5f5b3f62f
SHA512: 8af4bb23aa70796319c6b7c32a75e1cf4ae70f75aee62cba59d02a3e3dffb68a46cc33784fad730447540994fb6b802e1af1b29d770b373161bfe8a9312aff32
SSDEEP: 384:RZyP8Bq0lwZmoy7ypUwCwEhxmD0aXzoIij+ZsNO3PlpJKkkjh/TzF7pWnIfgreTn:DTNGol7oUr+DjuXQ/o1f+L
Malware Config (extracted)

Family: njrat
Version: Njrat 0.7 Golden By Hassan Amiri
Botnet: 66767
C2: 192.168.0.18:6522
Mutex: Windows Update
Attributes:
  reg_key: Windows Update
  splitter: |Hassan|
Signatures

Drops startup file (2 IoCs)
  Process: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe
  File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe (process: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe)
  File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe (process: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Process: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe (pid 1640)
Suspicious use of AdjustPrivilegeToken (37 IoCs)
  Process: 7e121766e1e15b833eced37bd8bac0e8_JaffaCakes118.exe (pid 1640)
  Token: SeDebugPrivilege (1 entry)
  Token: 33 (18 entries)
  Token: SeIncBasePriorityPrivilege (18 entries)
  All 37 entries belong to pid 1640. The report lists them as the single SeDebugPrivilege entry followed by 18 alternating pairs of token 33 and SeIncBasePriorityPrivilege. Token 33 is recorded by its privilege LUID value only; in winnt.h, 33 is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege).