Analysis

  • max time kernel
    146s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/06/2023, 14:21

General

  • Target

    ParallelsDesktopCrack-main/prl_disp_service.md

  • Size

    23KB

  • MD5

    ed9d2ac1e9a16418696b3c3563aab6a0

  • SHA1

    edcf662e8f78d61cde6a3f78098a2157e439b1ae

  • SHA256

    ca6dc55dcf09fe2f640c46645475449c8bf0bfe2e1766f4dd4e0422872303637

  • SHA512

    56640e8a1f570072a792a6ea3f9697fdd3eb4a83728bdca35ef3009e06f073cc09dafa2a479cf24d534531762b4e191612fbc08f24d11a5e40d6819260efb60d

  • SSDEEP

    384:GJyX/k29UiOYrEpgJ7Q3HQ2T3jdWzRCX7zjBOH82Oh+Xwxog9ygPw:GJyX/k29UiOYrEf3QgzdWzOzjMH8cgPw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 10 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ParallelsDesktopCrack-main\prl_disp_service.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ParallelsDesktopCrack-main\prl_disp_service.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ParallelsDesktopCrack-main\prl_disp_service.md"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:452

Network

MITRE ATT&CK Enterprise v6

Downloads