njrat | 2884dcb85bdae9d17e887195618580f9c993bc3cabee354d61f8cb0ed1971f3a

Analysis

max time kernel
149s
max time network
139s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Size

428KB
MD5

75428f615d6c9e05a44f7d8d1c653f40
SHA1

4e07e2ab44c29ec0d0e2968ea2153c472f7a6ac7
SHA256

2884dcb85bdae9d17e887195618580f9c993bc3cabee354d61f8cb0ed1971f3a
SHA512

5caeba7cb56dde868b7520f5244ddad93e6af998ed0854cffebf9ea6f9a56b0de36cab00f26b6fb21309889e7e06964679614e4cb3af3e3294028e2a84304b04
SSDEEP

12288:wbWthB6WCXrfcZJidAB/KLvVIaDdGkDDxDDDQDDiDDQ+iDDDwPD7uDiOeC9:5hBFCXjHmkSkDDxDDDQDDiDDQ+2DDwPW

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

ronymahmoud.casacam.net:5050

Mutex

bf24d0816e8b

Attributes

reg_key
bf24d0816e8b
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 27 IoCs

Processes:

75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe

description	pid	process
Token: SeDebugPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: 33	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2236	75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75428f615d6c9e05a44f7d8d1c653f40_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000074B1E000-0x0000000074B1F000-memory.dmp

Filesize
4KB

Download
memory/2236-1-0x0000000000DF0000-0x0000000000E60000-memory.dmp

Filesize
448KB

Download
memory/2236-2-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download
memory/2236-5-0x00000000003D0000-0x00000000003DC000-memory.dmp

Filesize
48KB

Download
memory/2236-6-0x0000000074B10000-0x00000000751FE000-memory.dmp

Filesize
6.9MB

Download