Overview

overview

10

Static

static

3

96fcbd0332...cN.exe

windows7-x64

10

96fcbd0332...cN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9acN.exe

  • Size

    193KB

  • MD5

    ec168d81b6e03372b56fd2dae9577a10

  • SHA1

    37115736d2894e7232f76dd4361c66743d6271d7

  • SHA256

    96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9ac

  • SHA512

    a25329b14b205c069a3ebeaef73a97ed6ccff373c1af77f134328b0831c142317189460bb231f9bb4485a9b65f35781a639059668f2befa128a4db34ac850a9f

  • SSDEEP

    3072:FswcCukiBTmvDPt0dVgTuxHX31u4MYkGzmHK2VHFepUjhVwP6xsVF6jYhWPENCgf:oCu1BoqVgTOH1WYQqy

Score
10/10
njrathackedpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

encrypted7745.hopto.org:1177

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9acN.exe
    "C:\Users\Admin\AppData\Local\Temp\96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9acN.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2320-0-0x00007FFBD25A3000-0x00007FFBD25A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2320-1-0x0000000000720000-0x0000000000758000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2320-2-0x0000000000F10000-0x0000000000F22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2320-3-0x00007FFBD25A0000-0x00007FFBD3061000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2320-5-0x00007FFBD25A0000-0x00007FFBD3061000-memory.dmp

    Filesize

    10.8MB

    Download