Overview

overview

10

Static

static

5c91064906...in.dll

windows7_x64

10

5c91064906...in.dll

windows10_x64

10

Analysis

  • max time kernel
    7s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    28-09-2021 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c9106490619ef294e77900e55f81a756e68b5b117458b2c6df8eac742b6ebf8.bin.dll

  • Size

    4.8MB

  • MD5

    18337a5ab0cd9c6244657872a6769619

  • SHA1

    46568704d146cf27a4b364a8838e24fb3fddc8ac

  • SHA256

    5c9106490619ef294e77900e55f81a756e68b5b117458b2c6df8eac742b6ebf8

  • SHA512

    8a1dc4b9b985c9ca1c5b405d6d984d5b4b154560d0c2eadea26260182b9a56a78bbc81970a210cf76b9d81b5a34550301e4d9d1506ebaa66b082287c1a218367

Score
10/10
parallaxratsuricata

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 1 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • suricata: ET MALWARE Parallax CnC Response Activity M14

    suricata: ET MALWARE Parallax CnC Response Activity M14

    suricata
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c9106490619ef294e77900e55f81a756e68b5b117458b2c6df8eac742b6ebf8.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c9106490619ef294e77900e55f81a756e68b5b117458b2c6df8eac742b6ebf8.bin.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:908
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\system32\notepad.exe"
        3⤵
          PID:1004
          • C:\Windows\SysWOW64\dllhost.exe
            "C:\Windows\system32\dllhost.exe"
            4⤵
              PID:2576

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/908-115-0x0000000003F90000-0x000000000447B000-memory.dmp

        Filesize

        4.9MB

        Download

      • memory/1004-117-0x0000000077E39000-0x0000000077E39005-memory.dmp

        Filesize

        5B

        Download

      • memory/1004-129-0x0000000000B30000-0x0000000000B32000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1004-138-0x0000000004FE0000-0x0000000004FE8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1004-139-0x00007FF9D9900000-0x00007FF9D9ADB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2576-151-0x00000000036B0000-0x00000000036B9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/2576-152-0x00007FF9D9900000-0x00007FF9D9ADB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2576-157-0x00007FF9D9901000-0x00007FF9D9A0E7A3-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2576-177-0x0000000000400000-0x0000000000424000-memory.dmp

        Filesize

        144KB

        Download