Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
02-05-2022 15:15
General
-
Target
packing list.xlsx.scr
-
Size
1.3MB
-
MD5
4d0a93f479c185879347cff75337de5f
-
SHA1
ff8159da86f6a43d07831c31b3b702375e71edf5
-
SHA256
464b01b713a4c97b736dae0ea19855e97a172e7c11e9f7fe9ac0e054326c340c
-
SHA512
1b4cf2d3df76552bb06e0fed18806911e2e19b545f076f3164532edd36f69ab22ad4c219e84b1f1b68aa5c4cdbeba356a161b71da0be3b95c54ea128fb427c42
Score
10/10
Malware Config
Signatures
-
ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
-
ParallaxRat payload 2 IoCs
Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr"C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr" /S1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe"Powershell" Add-MpPreference -ExclusionPath '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr"C:\Users\Admin\AppData\Local\Temp\packing list.xlsx.scr"2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
-
Filesize
408KB
-
Filesize
32KB
-
Filesize
304KB
-
Filesize
200KB
-
Filesize
6.2MB
-
Filesize
136KB
-
Filesize
408KB
-
Filesize
600KB
-
Filesize
216KB
-
Filesize
104KB
-
Filesize
56KB
-
Filesize
120KB
-
Filesize
6.5MB
-
Filesize
104KB
-
Filesize
40KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
1.3MB