Overview

overview

10

Static

static

INQUIRY_.exe

windows7_x64

10

INQUIRY_.exe

windows10_x64

10

Analysis

  • max time kernel
    30s
  • max time network
    166s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 06:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    INQUIRY_.exe

  • Size

    355KB

  • MD5

    50ad2932e2e76773f14886ce03dc8d19

  • SHA1

    1d16cca7e71e36d76d0d22395bb3d60ae9db0f48

  • SHA256

    3bd7eae6d409d1654f4317994ec8311946d96737f1c9042ff1fc5b8fb089d549

  • SHA512

    f64db23ae8dc25ece8292d4b1231e8e1d60f4185cd66e999c794a3f9571e4ba1c4764158f506baf1636a4e539f22bea4cfd5b5173483f205dec36775deb41eea

Score
10/10
parallaxdiscoveryrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 1 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\INQUIRY_.exe
    "C:\Users\Admin\AppData\Local\Temp\INQUIRY_.exe"
    1⤵
      PID:2836
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        2⤵
          PID:1040

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1040-134-0x0000000002F00000-0x0000000002F06000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1040-135-0x0000000077889000-0x000000007788A000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1040-139-0x00007FF824D90000-0x00007FF824F6B000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1040-160-0x0000000000400000-0x0000000000429000-memory.dmp

        Filesize

        164KB

        Download

      • memory/2836-128-0x0000000000630000-0x0000000000635000-memory.dmp

        Filesize

        20KB

        Download

      • memory/2836-129-0x00000000006A0000-0x0000000002233000-memory.dmp

        Filesize

        27.6MB

        Download

      • memory/2836-131-0x00000000006A0000-0x0000000002233000-memory.dmp

        Filesize

        27.6MB

        Download

      • memory/2836-130-0x00007FF824D90000-0x00007FF824F6B000-memory.dmp

        Filesize

        1.9MB

        Download