Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-09-2024 09:14

General

  • Target

    da0890c06e64805c56bdd28b87135572_JaffaCakes118.exe

  • Size

    154KB

  • MD5

    da0890c06e64805c56bdd28b87135572

  • SHA1

    1b4e2dab8e89050bdf09df403876630cf73d4871

  • SHA256

    718e6d5fa27ff0d30a9101f3c0e7846a88493f2cf45ebd4e5f3375e96c290771

  • SHA512

    271581251e18967e47a64395a7909738cfeb9dc2d319f0a866c5bb66a66d3162ad7360c0dff045d5bce206f0b7eda4a73ea53c5ffb7cd8ac223214029d6c8423

  • SSDEEP

    384:vRhJabFqMYX863PXlL4aFc/NjKLprfcPIeMFI6/1L6w2DFikpcCRu9L1wwAf4J7K:ZhJGIMYs6/Pc/fX8mk1H1hpE

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

B HAT

Mutex

f9da7cbb82fc486c908ea82600db03cb

Attributes
  • reg_key

    f9da7cbb82fc486c908ea82600db03cb

  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da0890c06e64805c56bdd28b87135572_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\da0890c06e64805c56bdd28b87135572_JaffaCakes118.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2128

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2128-0-0x00007FF9BBB03000-0x00007FF9BBB05000-memory.dmp

    Filesize

    8KB

  • memory/2128-1-0x0000013E05C70000-0x0000013E05C9E000-memory.dmp

    Filesize

    184KB

  • memory/2128-2-0x00007FF9BBB03000-0x00007FF9BBB05000-memory.dmp

    Filesize

    8KB

  • memory/2128-3-0x0000013E06040000-0x0000013E0604C000-memory.dmp

    Filesize

    48KB

  • memory/2128-4-0x00007FF9BBB00000-0x00007FF9BC5C1000-memory.dmp

    Filesize

    10.8MB

  • memory/2128-5-0x00007FF9BBB00000-0x00007FF9BC5C1000-memory.dmp

    Filesize

    10.8MB