Analysis

  • max time kernel
    129s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 14:11

General

  • Target
    2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4.exe
  • Size
    47KB
  • MD5
    9079f06a955a4ad20de17fa605476619
  • SHA1
    fa930506d5ae47abe9c9a5b48f3bfc57e6a1b4e8
  • SHA256
    2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4
  • SHA512
    211687241ba6cbd53227b2bd4babad7e397d543eb5e683bf41f41c77d6eec5bde878aa7ecc87600aa01c0fa43c65e8233e3cb02647ebc9a6d9c1eb512a2ebdd0

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad32f3d0310d51ab22356bd7c994c57bcdaff5b9b6c043b137f84316916b0d4.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 1668

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1668-55-0x0000000075191000-0x0000000075193000-memory.dmp
    Filesize: 8KB
  • memory/1668-56-0x00000000005E0000-0x00000000005E1000-memory.dmp
    Filesize: 4KB