Analysis
-
max time kernel
46s -
max time network
140s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
28-01-2021 12:57
General
-
Target
c8a0556f803e6e456cfea037885f007dba3b69287459562324460829c57380b7.exe
-
Size
3.3MB
-
MD5
1b99a6a9c0905e6d87ead147a5ca11ce
-
SHA1
abff2d68a4ffa3a60b89a62e5aed2e9251c864c8
-
SHA256
c8a0556f803e6e456cfea037885f007dba3b69287459562324460829c57380b7
-
SHA512
3ec41b43e4eed9d02b49228ca6470fc8038c033a7ae4d8b4197ef9807872de1d99fa9e486d5397edb140b05ae529c772d080c284f77ab43be644751d30440472
Score
10/10
Malware Config
Signatures
-
ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
-
ParallaxRat payload 1 IoCs
Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8a0556f803e6e456cfea037885f007dba3b69287459562324460829c57380b7.exe"C:\Users\Admin\AppData\Local\Temp\c8a0556f803e6e456cfea037885f007dba3b69287459562324460829c57380b7.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144KB
-
Filesize
8KB