Overview

overview

10

Static

static

9e9ad2a3d6...e3.exe

windows7_x64

10

9e9ad2a3d6...e3.exe

windows10_x64

10

Analysis

  • max time kernel
    4s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    01-03-2021 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e9ad2a3d696f2327d702b58c5f0329caddce1571d842ecc9ca02f3f23677ae3.exe

  • Size

    6.7MB

  • MD5

    e7955b7487f9be142b49b64aa511bc7a

  • SHA1

    6c644f1ca1226feaec45935e890504ac154d183c

  • SHA256

    9e9ad2a3d696f2327d702b58c5f0329caddce1571d842ecc9ca02f3f23677ae3

  • SHA512

    e8c49950a6101c7d3cc73c6efd7343a84da2c293012eb7c33777244d1ed9c1b344d46ff81c691ad6c5ed2103cd51dbdd16fa73b9dbc93df07b3c0417e206b502

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 1 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Blocklisted process makes network request 1 IoCs
  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e9ad2a3d696f2327d702b58c5f0329caddce1571d842ecc9ca02f3f23677ae3.exe
    "C:\Users\Admin\AppData\Local\Temp\9e9ad2a3d696f2327d702b58c5f0329caddce1571d842ecc9ca02f3f23677ae3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:292
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Users\Admin\AppData\Local\Temp\9e9ad2a3d696f2327d702b58c5f0329caddce1571d842ecc9ca02f3f23677ae3.exe"
      2⤵
      • Blocklisted process makes network request
      PID:1544
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
    • Drops startup file
    PID:1772

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/292-2-0x0000000076861000-0x0000000076863000-memory.dmp

    Filesize

    8KB

    Download

  • memory/292-4-0x0000000002240000-0x00000000022BB000-memory.dmp

    Filesize

    492KB

    Download

  • memory/292-6-0x00000000022C0000-0x0000000002440000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1544-8-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1544-9-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download