Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/07/2024, 01:06

General

  • Target

    2f8b31b4241603acd8f15553579ba487_JaffaCakes118.exe

  • Size

    25KB

  • MD5

    2f8b31b4241603acd8f15553579ba487

  • SHA1

    bfc83bf87fdb99e84090d3f1e220e0d20cf48182

  • SHA256

    0efc00603ee0a39c6b1575d876bd6681ca706139268fdcab239496a734eb32e7

  • SHA512

    221677cfd023211838a614831cf9f28edc297afced194e4bc7776bff6f78723d9135412500073e76eefaa3a3d55a94272efd7c6fce09cbbfb4cfb4328573ce45

  • SSDEEP

    384:sv3ZI8mrrEAz6xIwI/efrjk9juOrfaFu9wTe4N6U/XdWNSTyH5gyt:svpCrrE0S/IWk8pFu9wq1U/XdRTyv

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Pasha

C2

zelenui.gotdns.ch:7777

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f8b31b4241603acd8f15553579ba487_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f8b31b4241603acd8f15553579ba487_JaffaCakes118.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4212

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4212-0-0x0000000000590000-0x0000000000598000-memory.dmp

    Filesize

    32KB

  • memory/4212-1-0x00007FFB66973000-0x00007FFB66975000-memory.dmp

    Filesize

    8KB

  • memory/4212-2-0x0000000000D30000-0x0000000000D42000-memory.dmp

    Filesize

    72KB

  • memory/4212-3-0x00007FFB66970000-0x00007FFB67431000-memory.dmp

    Filesize

    10.8MB

  • memory/4212-4-0x00007FFB66970000-0x00007FFB67431000-memory.dmp

    Filesize

    10.8MB