Analysis
-
max time kernel
37s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
07-09-2022 11:36
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20220901-en
General
-
Target
1.exe
-
Size
68KB
-
MD5
93dff428b7ecfc0e4320d5190bd095b4
-
SHA1
2c8b2fbc863bdbbbe9ec69ec4ca0cefa5afef503
-
SHA256
76d00037ad0e19a299b97f7781affae6c33254887d0068dd7d13a34cc3d26297
-
SHA512
a77712c3f40a0ab0ef7bfd8927f5815d1c2d506cd5013fe44a392b1f585e889001ce48e424415c4fbd0598877fd9def3a26e1d24f27731e070d34dffb1b6ba58
-
SSDEEP
768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMINEV:BHJaAoHoc2x7bZoYBAcQlwJdMC
Malware Config
Signatures
-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
RunningRat payload 1 IoCs
Processes:
resource: behavioral1/memory/1384-54-0x0000000010000000-0x000000001000F000-memory.dmp
yara_rule: family_runningrat
-
Loads dropped DLL 1 IoCs
Processes:
1.exe
pid: 1384
process: 1.exe
-
Drops file in System32 directory 1 IoCs
Processes:
1.exe
description: File created
ioc: C:\Windows\SysWOW64\7093724.dll
process: 1.exe
Downloads
-
Filesize
37KB
MD5
6885e1deaf80970a470bc0beecd46632
SHA1
3e1d477eafb9573c58d25c7fc2037b643056f524
SHA256
4463d79f7e2b8e03129d0a2ac355ac7f3edf2bcdb2b627ebb932438992be9e8b
SHA512
e45f27712629701feb729e2ec2b9377e236004074afb2dbb00914c6abe04446c7d1251d3db4178a430382f0708c1a401a01ff65e6e2b7f54f5f910045f18956f