Analysis

max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29-12-2022 14:47
Behavioral task: behavioral1
Sample: HEUR-Trojan.Win32.RRAT.exe
Resource: win7-20221111-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: HEUR-Trojan.Win32.RRAT.exe
Resource: win10v2004-20221111-en (windows10-2004-x64)
2 signatures, 150 seconds
General

Target: HEUR-Trojan.Win32.RRAT.exe
Size: 16KB
MD5: 7310548654a0e1bd553ae65d58701160
SHA1: 792c541411b7ab41ad6caa4df4676fa8006edebc
SHA256: e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61
SHA512: 6c51afaa33dbe29f8eedc29ccf1de8740e0b4989c1542af954380e3b5a6472c4253a1dd57f4ef32155a3c66fe958d080b6d2e91c5b25d916155df1d039f209c1
SSDEEP: 384:qpi1PKtl50TsvD9oDPlMNcLlb5sVK4yv5Ct:qpi1PKtlMOclMNEvo
Score: 1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandbox environments.
Processes:
description        ioc                                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0                      HEUR-Trojan.Win32.RRAT.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  HEUR-Trojan.Win32.RRAT.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description               pid   process
Token: SeDebugPrivilege   2032  HEUR-Trojan.Win32.RRAT.exe