njrat | b4bab00a1266c3b688cfc811015c19b2cf06d14be7fd577cd2a2c7fee29a3a10

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

939255a91c0a2198e56d3f87286439bd.exe
Size

55KB
MD5

939255a91c0a2198e56d3f87286439bd
SHA1

e4462da0c2f65765f210ce95931df0523b18a603
SHA256

b4bab00a1266c3b688cfc811015c19b2cf06d14be7fd577cd2a2c7fee29a3a10
SHA512

aab13ea30415a7f3a960f1bd1b9ec0d55a0633b2d09f88d6d26c266636705b9343d17f3f5ebc7a8caf66bc0f693237558e7dbc64287ec8b616bff8222021242b
SSDEEP

768:jSDyFut1MankI2N9hi8QR3Q0kSNAmwFvfu0YMDHPsGL7XJSxI3pmam:jSy8Dn2N9hi8KdDVwsNMDFXExI3pmam

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes:

939255a91c0a2198e56d3f87286439bd.exe

description	pid	process
Token: SeDebugPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: 33	2392	939255a91c0a2198e56d3f87286439bd.exe
Token: SeIncBasePriorityPrivilege	2392	939255a91c0a2198e56d3f87286439bd.exe

C:\Users\Admin\AppData\Local\Temp\939255a91c0a2198e56d3f87286439bd.exe
"C:\Users\Admin\AppData\Local\Temp\939255a91c0a2198e56d3f87286439bd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-0-0x0000000074031000-0x0000000074032000-memory.dmp

Filesize
4KB

Download
memory/2392-1-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download
memory/2392-2-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download
memory/2392-3-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download