arrowrat | bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7

Analysis

max time kernel
111s
max time network
176s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02-10-2022 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe
Size

495KB
MD5

f617dc0ef20d4e72ffd6bc77dd369015
SHA1

0d42af92a721dfb973da334263db1171924cb7b6
SHA256

bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7
SHA512

0b39e90dadf556df5a74e8eb1cc1ebd5b2263a3f3e42d9430bb61446aac2df8beced2df3f00840d92ed05954c90043cce80d3a0c58a9d804136c057bbffee08c
SSDEEP

12288:2iT5fZPOxHPJHAVwGoh7tfw1h8BvgcNW9eoRmotAG8TJ1k:2iT5fZwxHigBfw1h8KcPemotm

Score

10^/10

arrowrat rat

Malware Config

Signatures

ArrowRat
Remote access tool with various capabilities first seen in late 2021.
rat arrowrat

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1760 set thread context of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5024	3744	WerFault.exe	66

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66
PID 1760 wrote to memory of 3744	1760	bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe	66

C:\Users\Admin\AppData\Local\Temp\bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe
"C:\Users\Admin\AppData\Local\Temp\bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe
  C:\Users\Admin\AppData\Local\Temp\bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe
  2⤵
  PID:3744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 712
    3⤵
    - Program crash
    PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\bd26b88c1d59a173c2d183fa24b40d5452685a4686d52acab8f6d1f6b8a1f2d7.exe.log

Filesize
789B

MD5
db5ef8d7c51bad129d9097bf953e4913

SHA1
8439db960aa2d431bf5ec3c37af775b45eb07e06

SHA256
1248e67f10b47b397af3c8cbe342bad4be75c68b8e10f4ec6341195cc3138bd9

SHA512
04572485790b25e1751347e43b47174051cd153dd75fd55ee5590d25a2579f344cd96cf86cf45bdb7759e3e6d0f734d0ff717148ca70f501b9869e964e036fee

Download Submit
memory/1760-120-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-121-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-122-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-123-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-124-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-125-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-126-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-127-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-128-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-129-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-130-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-132-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-131-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-133-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-134-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-135-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-136-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-137-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-138-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-139-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-140-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-141-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-142-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-143-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-144-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-145-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-146-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-147-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-148-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-149-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-150-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-151-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-152-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-153-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-154-0x00000000008F0000-0x0000000000972000-memory.dmp

Filesize
520KB

Download
memory/1760-155-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-156-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-157-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-158-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-159-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-160-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-161-0x0000000007660000-0x000000000778E000-memory.dmp

Filesize
1.2MB

Download
memory/1760-162-0x0000000007C90000-0x000000000818E000-memory.dmp

Filesize
5.0MB

Download
memory/1760-163-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-164-0x0000000007830000-0x00000000078C2000-memory.dmp

Filesize
584KB

Download
memory/1760-165-0x0000000002F50000-0x0000000002F56000-memory.dmp

Filesize
24KB

Download
memory/1760-166-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-167-0x0000000007AD0000-0x0000000007B46000-memory.dmp

Filesize
472KB

Download
memory/1760-168-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-169-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-170-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-171-0x00000000077A0000-0x00000000077BE000-memory.dmp

Filesize
120KB

Download
memory/1760-172-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-173-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-174-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-175-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-176-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-177-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/1760-191-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-178-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3744-180-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-181-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-182-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-183-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-184-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-185-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-186-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-187-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-188-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-189-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3744-190-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads