njrat | 523f2d292173cb9e037da10c22522cf3588472e688c14434872cde4660b30b11

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Size

25KB
MD5

df5d1443391e0c73f2ef37646feda565
SHA1

3e344bf128ea8dcaa630e07b4b45e06fb42a547f
SHA256

523f2d292173cb9e037da10c22522cf3588472e688c14434872cde4660b30b11
SHA512

bea02d1330d6ecd1486a2a78a69401920d6a52f3fd5f82aba317d797f558b519b52fae12baf398716c51ad434ea6852f40a813aaa6bb0cd7b9839a1f6674850a
SSDEEP

768:svpI/08EHb9txhTJ2jKpJf5c+8eSGJX7Dcpp:QEeHbTfd2jEJhcFbGhDcv

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: 33	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2196	df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\df5d1443391e0c73f2ef37646feda565_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2196-0-0x000007FEF4C83000-0x000007FEF4C84000-memory.dmp

Filesize
4KB

Download
memory/2196-1-0x00000000002E0000-0x00000000002E8000-memory.dmp

Filesize
32KB

Download
memory/2196-2-0x0000000000240000-0x0000000000252000-memory.dmp

Filesize
72KB

Download
memory/2196-3-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download
memory/2196-4-0x000007FEF4C83000-0x000007FEF4C84000-memory.dmp

Filesize
4KB

Download
memory/2196-5-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download