Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

parallaxhuge.exe

windows7-x64

10

parallaxhuge.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/03/2023, 10:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    parallaxhuge.exe

  • Size

    3.9MB

  • MD5

    40256ea622aa1d0678f5bde48b9aa0fb

  • SHA1

    ba9dc2820ff412f06ca986dd03af1880d5a60f41

  • SHA256

    c3a3c6015ffc1bc98b5a21f89e78049900e5796e67e098bead011a20a99e7b0d

  • SHA512

    04f9be55aeb88ff4f11b786f10e1bbcfa5cc1cf0b54f56d2d68fe067b0ada592f6aac93148cfbfe23916bbbe581669befebc4e95630f8c3e76303bc8e69ff450

  • SSDEEP

    6144:DYh6ApoWrujS9yeoh6VVK7xvYTMxgUHgufnKiXybpsb:0h6ApVruja5oh2K755KUH5nNXylS

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 9 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:388
    • C:\Users\Admin\AppData\Local\Temp\parallaxhuge.exe
      "C:\Users\Admin\AppData\Local\Temp\parallaxhuge.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
        "C:\Users\Admin\AppData\Local\Temp\parallaxhuge.exe"
        3⤵
          PID:2484
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
      1⤵
      • Drops startup file
      PID:5000

    Network

    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      245.9.202.144.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      245.9.202.144.in-addr.arpa
      IN PTR
      Response
      245.9.202.144.in-addr.arpa
      IN PTR
      1442029245vultrusercontentcom
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      123.108.74.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      123.108.74.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      202.74.101.95.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      202.74.101.95.in-addr.arpa
      IN PTR
      Response
      202.74.101.95.in-addr.arpa
      IN PTR
      a95-101-74-202deploystaticakamaitechnologiescom
    • flag-us
      DNS
      45.8.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      45.8.109.52.in-addr.arpa
      IN PTR
      Response
    • 144.202.9.245:80
      http
      pipanel.exe
      1.0kB
       752 B
       8
      12
    • 20.189.173.2:443
      322 B
       7
    • 209.197.3.8:80
      322 B
       7
    • 173.223.113.164:443
      322 B
       7
    • 204.79.197.203:80
      322 B
       7
    • 8.238.177.126:80
      322 B
       7
    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      245.9.202.144.in-addr.arpa
      dns
      72 B
       120 B
       1
      1

      DNS Request

      245.9.202.144.in-addr.arpa

    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      123.108.74.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      123.108.74.40.in-addr.arpa

    • 8.8.8.8:53
      202.74.101.95.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      202.74.101.95.in-addr.arpa

    • 8.8.8.8:53
      45.8.109.52.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      45.8.109.52.in-addr.arpa

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/388-147-0x0000000001060000-0x0000000001061000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-144-0x0000000002710000-0x00000000028B3000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1984-151-0x0000000002580000-0x00000000025FB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1984-150-0x00000000033C0000-0x0000000003689000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/1984-149-0x0000000003300000-0x00000000033BE000-memory.dmp

      Filesize

      760KB

      Download

    • memory/1984-133-0x0000000002580000-0x00000000025FB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1984-148-0x00000000029C0000-0x0000000002AB0000-memory.dmp

      Filesize

      960KB

      Download

    • memory/2484-139-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-143-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-142-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-145-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2484-146-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-141-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-140-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-138-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-137-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2484-136-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.