parallax | cad77abbfbf7a3e5e51c3663496519b82b48ca4bba75d3dd2343010e174942f3

General

Target

b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
Size

491KB
MD5

0b8b808ee70becf682a94715f091e8f7
SHA1

f9a73fee90079338f2ef10a3c1513f3e13ace777
SHA256

b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638
SHA512

7bbad7be37f871e04dd454b14b5fc09921bc59e6e17da8c79e5beb2bc33760fefff9d1ba37d43b8aafd5522c9dd38f89bb558c4b4eb304d33bfb0f92de0edefc

Score

10^/10

parallax rat

Malware Config

Signatures

ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
rat parallax

ParallaxRat payload 1 IoCs

Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

resource	yara_rule
behavioral1/memory/1336-65-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29
PID 2000 wrote to memory of 1336	2000	b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe	29

C:\Users\Admin\AppData\Local\Temp\b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe
"C:\Users\Admin\AppData\Local\Temp\b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\dllhost.exe
  "C:\Users\Admin\AppData\Local\Temp\b4010bf318221741f9b99ce7b4cc297c865bba0462f5b6a207b3b6c545658638.exe"
  2⤵
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-63-0x0000000075D11000-0x0000000075D13000-memory.dmp

Filesize
8KB

Download
memory/1336-64-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download
memory/1336-65-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2000-61-0x0000000001D20000-0x0000000001EA0000-memory.dmp

Filesize
1.5MB

Download
memory/2000-60-0x0000000001BB0000-0x0000000001C2B000-memory.dmp

Filesize
492KB

Download

Analysis

Sharing