Overview

overview

10

Static

static

b9d6e34118...77.exe

windows7_x64

10

b9d6e34118...77.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77.exe

  • Size

    192KB

  • MD5

    09d7244e1160ae4ce2cc24275ae60ef4

  • SHA1

    55dd40229b9fba7feaada4d61ecbb240855aee9a

  • SHA256

    b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77

  • SHA512

    4805593b1984fb28b365bdacea1f6a95dada12735c2d7876c472edd29d118414a8a2282fc7879f29b7acae160fc9abcaefa88eda7477deccc0e3f0521f09da02

Score
10/10
vanillaratrat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanilla Rat Payload 6 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77.exe
    "C:\Users\Admin\AppData\Local\Temp\b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Users\Admin\AppData\Local\Temp\b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77.exe
      "C:\Users\Admin\AppData\Local\Temp\b9d6e34118727762237c58edda33894c5753b3e2a44c6d8e235ac50163438c77.exe"
      2⤵
        PID:1096

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1096-57-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-58-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-60-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-61-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-62-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-63-0x000000000041DC1E-mapping.dmp
      Download
    • memory/1096-65-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-67-0x0000000000400000-0x0000000000422000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1096-68-0x0000000075451000-0x0000000075453000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1808-54-0x0000000000830000-0x000000000086A000-memory.dmp
      Filesize

      232KB

      Download
    • memory/1808-55-0x00000000001F0000-0x00000000001F6000-memory.dmp
      Filesize

      24KB

      Download
    • memory/1808-56-0x0000000000210000-0x000000000021A000-memory.dmp
      Filesize

      40KB

      Download