Overview

overview

10

Static

static

packing list.xlsx.scr

windows7_x64

10

packing list.xlsx.scr

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    packing list.xlsx.scr

  • Size

    1.3MB

  • MD5

    4d0a93f479c185879347cff75337de5f

  • SHA1

    ff8159da86f6a43d07831c31b3b702375e71edf5

  • SHA256

    464b01b713a4c97b736dae0ea19855e97a172e7c11e9f7fe9ac0e054326c340c

  • SHA512

    1b4cf2d3df76552bb06e0fed18806911e2e19b545f076f3164532edd36f69ab22ad4c219e84b1f1b68aa5c4cdbeba356a161b71da0be3b95c54ea128fb427c42

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 7 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr
    "C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr" /S
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
      "Powershell" Add-MpPreference -ExclusionPath '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1720
    • C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr
      "C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr"
      2⤵
        PID:1712

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1668-58-0x00000000004C0000-0x00000000004D2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1668-55-0x0000000000540000-0x000000000056A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/1668-56-0x0000000075401000-0x0000000075403000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1668-54-0x0000000001260000-0x00000000013AA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1712-65-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-60-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-61-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-63-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-64-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-68-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-67-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1712-71-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1720-72-0x00000000737E0000-0x0000000073D8B000-memory.dmp

      Filesize

      5.7MB

      Download