njrat | 02ee0ae6baf57467721232f6dec5affcb0ef7c60fd79c7128a15f8ccdea84d5a

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Size

25KB
MD5

f0f443b7318c5dedb0c61ffc26e02c2c
SHA1

5ea76e22b0c9f4feda7251964f8a1245ba49430a
SHA256

02ee0ae6baf57467721232f6dec5affcb0ef7c60fd79c7128a15f8ccdea84d5a
SHA512

04efc80427c30411eedf7fc81f8b82e2071da0b5e5a8a198fda85c921342c0a0ea6cb48d43f4002f6e25d1ffc97666bd9855fb2239305d82b5f9f85dbaa74a1e
SSDEEP

384:sv3ZIN+34K/NzM9wZCRybdOe3SCQFODfvUVuX8k56RZKN8TNrjU+yTgVzJ:svpdISz5ZDMmDb9B0Qu5U+ysNJ

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

25.93.215.70:7777

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: 33	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2704	f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0f443b7318c5dedb0c61ffc26e02c2c_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2704-0-0x000007FEF5E93000-0x000007FEF5E94000-memory.dmp

Filesize
4KB

Download
memory/2704-1-0x00000000013E0000-0x00000000013E8000-memory.dmp

Filesize
32KB

Download
memory/2704-2-0x0000000000150000-0x0000000000162000-memory.dmp

Filesize
72KB

Download
memory/2704-3-0x000007FEF5E90000-0x000007FEF687C000-memory.dmp

Filesize
9.9MB

Download
memory/2704-4-0x000007FEF5E93000-0x000007FEF5E94000-memory.dmp

Filesize
4KB

Download
memory/2704-5-0x000007FEF5E90000-0x000007FEF687C000-memory.dmp

Filesize
9.9MB

Download