Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-01-2025 11:53

Behavioral task: behavioral1
Sample: Payload.exe
Resource: win7-20241010-en
5 signatures
150 seconds
General

Target: Payload.exe
Size: 55KB
MD5: ac5ef973fc76ab6ff614dcb3bd452ce8
SHA1: 9d50255db0555a85a5a951a603b751c1a9eb3212
SHA256: 65fec5b3720c81dca478b5b2cd29b68732f3fbddfb4a76b59df691a2f264acb8
SHA512: 620d6b1ee771ad9dab13e5a855733f216d00f2b98c35fad9c5b152210ed12214c01d6bd05665f8687210a75993ee0ae321b666deceaf0afcb796013f93379a3a
SSDEEP: 1536:IWDT8Dn+QNoB4vZ9Vk7dwmuXKDCwsNMD+XExI3pmrm:Hf8Dn+nWTVk7umuXKDCwsNMD+XExI3pm
Malware Config
Signatures
Njrat family
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Payload.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process
552   Payload.exe   (this same entry is repeated for all 64 IoCs: every process-enumeration call was made by pid 552)
Suspicious use of AdjustPrivilegeToken 37 IoCs
description                              pid   Process
Token: SeDebugPrivilege                  552   Payload.exe   (once, the first entry)
Token: 33                                552   Payload.exe   (alternating with the row below for the remaining 36 entries, 18 times each)
Token: SeIncBasePriorityPrivilege        552   Payload.exe

The bare number 33 is a privilege LUID that the sandbox did not resolve to a name; in winnt.h, 33 is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege). SeDebugPrivilege is the entry that matters for triage: once enabled, it lets the process open handles to other processes regardless of their DACL, which fits the EnumeratesProcesses behaviour recorded above.
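To turn the flattened IoC list above into something an analyst can act on, the following Python is an added example (not part of the Triage report and not code from the sample): it parses rows of the form `Token: <privilege> <pid> <process>`, resolves bare LUID numbers such as `33` to their winnt.h privilege names, counts how often each privilege was adjusted per process, and flags the ones worth alerting on. The `SAMPLE` text is a constructed excerpt of the report's first five rows, and the `SENSITIVE` set is this author's own alerting choice, not a Triage classification.

```python
"""Parse Triage 'Suspicious use of AdjustPrivilegeToken' IoC rows and summarise them."""
import re
from collections import Counter

# Privilege LUIDs as defined by the SE_*_PRIVILEGE constants in winnt.h.
# Triage prints a bare number when it does not resolve the LUID to a name.
PRIVILEGE_LUIDS = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege",
    4: "SeLockMemoryPrivilege", 5: "SeIncreaseQuotaPrivilege",
    6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 11: "SeSystemProfilePrivilege",
    12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    16: "SeCreatePermanentPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege",
    28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Author's choice (assumption, not a Triage list): privileges whose enablement
# by an ordinary user-land binary should raise an alert.
SENSITIVE = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege", "SeAssignPrimaryTokenPrivilege",
}

# One IoC row as Triage flattens it: "Token: <privilege> <pid> <process>"
TOKEN_ROW = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")


def resolve(priv: str) -> str:
    """Map a bare LUID number to its winnt.h name; pass named privileges through."""
    if priv.isdigit():
        return PRIVILEGE_LUIDS.get(int(priv), f"LUID {priv}")
    return priv


def parse_rows(text: str) -> list[tuple[str, int, str]]:
    """Return (privilege, pid, process) tuples for every Token: row in the text."""
    return [(resolve(p), int(pid), proc) for p, pid, proc in TOKEN_ROW.findall(text)]


def summarise(rows: list[tuple[str, int, str]]) -> dict[tuple[int, str], Counter]:
    """Count privilege adjustments per (pid, process)."""
    summary: dict[tuple[int, str], Counter] = {}
    for priv, pid, proc in rows:
        summary.setdefault((pid, proc), Counter())[priv] += 1
    return summary


def sensitive_hits(summary: dict[tuple[int, str], Counter]) -> dict[tuple[int, str], list[str]]:
    """Processes that enabled at least one privilege from SENSITIVE, and which ones."""
    return {
        key: sorted(p for p in counts if p in SENSITIVE)
        for key, counts in summary.items()
        if any(p in SENSITIVE for p in counts)
    }


# Constructed sample: the report's first five IoC rows, flattened the way the page shows them.
SAMPLE = (
    "description pid Process "
    "Token: SeDebugPrivilege 552 Payload.exe Token: 33 552 Payload.exe "
    "Token: SeIncBasePriorityPrivilege 552 Payload.exe Token: 33 552 Payload.exe "
    "Token: SeIncBasePriorityPrivilege 552 Payload.exe"
)

if __name__ == "__main__":
    summary = summarise(parse_rows(SAMPLE))
    for (pid, proc), counts in summary.items():
        print(f"{proc} (pid {pid}):")
        for priv, n in counts.most_common():
            print(f"  {priv}: {n}x")
    print("sensitive:", sensitive_hits(summary))
```

Feed it the full text of the IoC table and the per-process counters collapse the 37 rows into three distinct privileges; anything listed under `sensitive` is what to pivot on in Security event 4703 (user right adjusted) logs from the host.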