parallax | 978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f

General

Target

e83b5f2b03ffe236917d448f42937528.exe
Size

498KB
MD5

e83b5f2b03ffe236917d448f42937528
SHA1

f316f26720a06f7698e2ad6bb6e5bb64bfd602ef
SHA256

978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f
SHA512

da6d0914bdeba06a323f3a22292cf51497ab3e27f8ad1d1c6b77fa7e8e248c5a3139d8b7efd61edb2c2a91ac8482f5b2095d9aade7befe6813766c38d81fe8aa

Score

10^/10

parallax rat

ParallaxRat payload 1 IoCs

Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

resource	yara_rule
behavioral1/memory/1244-9-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat

Suspicious behavior: EnumeratesProcesses 28 IoCs

Suspicious use of FindShellTrayWindow 4 IoCs

Suspicious use of SendNotifyMessage 4 IoCs

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1244	384	e83b5f2b03ffe236917d448f42937528.exe	29
PID 384 wrote to memory of 1232	384	e83b5f2b03ffe236917d448f42937528.exe	11

memory/384-2-0x0000000000230000-0x00000000002AB000-memory.dmp

Filesize
492KB

Download
memory/384-7-0x0000000001D10000-0x0000000001E90000-memory.dmp

Filesize
1.5MB

Download
memory/384-12-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/384-11-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/384-13-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1232-10-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1244-4-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1244-6-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1244-8-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1244-9-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download