Overview

overview

10

Static

static

78ea47b51e...3f.exe

windows7_x64

10

78ea47b51e...3f.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    113s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-06-2022 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78ea47b51ee8f1ae3dc5b98e56c43d3f.exe

  • Size

    1.0MB

  • MD5

    78ea47b51ee8f1ae3dc5b98e56c43d3f

  • SHA1

    99e64c6a730642430ef80215393adbfba11122b6

  • SHA256

    24972cecda20154015c31f4a8820764cbfa958d2968ab2b4a7c9e3e43510b888

  • SHA512

    7a773021c6c02e5905ff1e3e99b3fb6cbfd5b6617ff831aea5b4cdf416e3d044e55895a5bf1e6fe5da3e3d6272fa82f7b88aaf592d6d61d94477e927a65fb19b

Score
10/10
sectopratrattrojan

Malware Config

Signatures

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78ea47b51ee8f1ae3dc5b98e56c43d3f.exe
    "C:\Users\Admin\AppData\Local\Temp\78ea47b51ee8f1ae3dc5b98e56c43d3f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1004-135-0x0000000000000000-mapping.dmp

    Download

  • memory/1004-137-0x0000000000790000-0x0000000000832000-memory.dmp

    Filesize

    648KB

    Download

  • memory/1004-138-0x0000000004CF0000-0x0000000004D56000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2708-130-0x0000000000D40000-0x0000000000E42000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2708-131-0x0000000005480000-0x0000000005A24000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2708-132-0x0000000004F70000-0x0000000005002000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2708-133-0x0000000005010000-0x00000000050AC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2708-134-0x0000000009000000-0x000000000900A000-memory.dmp

    Filesize

    40KB

    Download