Analysis

  • max time kernel
    17s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    27-11-2020 11:07

General

  • Target

    75d5fd644a3d73d854cb3da238dfc0f3675cdee19acafd73d773b72ad66c625b.exe

  • Size

    1016KB

  • MD5

    083591e8b186ebb55fe0f0cf222bdcdd

  • SHA1

    084375103de81a9fce81f3699f4e212f94c34bc1

  • SHA256

    75d5fd644a3d73d854cb3da238dfc0f3675cdee19acafd73d773b72ad66c625b

  • SHA512

    baf93a304667493582b7a45c212638a3b50f74dcba80cfabe46b5a7fb7dee7ac3cdc2ea7304e7f1c6933edfafeb89fb15d42f50764002183188f2828e802eb3d

Score
10/10

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

  • ParallaxRat payload 1 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Blacklisted process makes network request 1 IoCs
  • Drops startup file 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75d5fd644a3d73d854cb3da238dfc0f3675cdee19acafd73d773b72ad66c625b.exe
    "C:\Users\Admin\AppData\Local\Temp\75d5fd644a3d73d854cb3da238dfc0f3675cdee19acafd73d773b72ad66c625b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Users\Admin\AppData\Local\Temp\75d5fd644a3d73d854cb3da238dfc0f3675cdee19acafd73d773b72ad66c625b.exe"
      2⤵
      • Blacklisted process makes network request
      PID:1512
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
    • Drops startup file
    PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1512-3-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB