Analysis
-
max time kernel
21s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
17/07/2023, 16:21
General
-
Target
888Rat/888Rat/888Rat.exe
-
Size
93.1MB
-
MD5
03facd106f0b2f694c5824793be08cea
-
SHA1
0461be2a007661cf969f8d25ff2c358cc70ea8e2
-
SHA256
8ce863dbb31e5c7383ca30ddbcbfa87600dfa8cfacaa9097a38d00b47d4dae80
-
SHA512
dd7d8988fe0d9f62d175208e634cc44f5c0166c268ee0ecfca6999ea1e611e84714d78877e41c59c1dcd8b4e86206132cb00012e6b8627c0fadcc07e5358148d
-
SSDEEP
1572864:fT0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5kk:fT0I1IGfr0H4HbLYrXajRPcl0issnM4U
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 4 IoCs
AutoIT scripts compiled to PE executables.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 37 IoCs
-
Suspicious use of SendNotifyMessage 35 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\888Rat\888Rat\888Rat.exe"C:\Users\Admin\AppData\Local\Temp\888Rat\888Rat\888Rat.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6829758,0x7fef6829768,0x7fef68297782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1316 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1292,i,7616052625458883079,6148379218196368432,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD59bfb5e369c67e7e8dc83d881c6653c97
SHA11c8f9fd32a5d157db026ee6073ab38f36e4b5483
SHA256d45d4fec74ed850bd51d8d507f2005fb99380f8f632aceed50373177aefcc891
SHA512df8253d64f721ddcb45f1291c6651e38f7832096ad22281c81f9f9d46898782a565b9cb1137425a33044f97565cf5aed8d7990b350a19186f50cd411d6ccd4a4
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
4KB
MD5ed1c4cc2116b6f73d42125dd3779d6fb
SHA13ea22dbce73aa79c787388cf3951f962b4a06d9f
SHA2568eaf1ed0ac320c0abb00994b89a570544c0e8d0dab06b682e8d300e1d4f56863
SHA5128f484a8a393485ec49e9828dcf348622a44f1becc78190d9f35d7897daa9b4bcf6a6ac878bbff74cab4396764bcc1b05f878eb4c0ff0df77ef6717fc8917533e
-
Filesize
239KB
MD529e1d5770184bf45139084bced50d306
SHA176c953cd86b013c3113f8495b656bd721be55e76
SHA256794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307
SHA5127cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8
-
Filesize
3.3MB
MD5ea5d5266b8a7bcc8788c83ebb7c8c7d5
SHA13e9ac1ab7d5d54db9b3d141e82916513e572b415
SHA25691ac4d215b8d90aef9a000900c9088d4c33d58c5f35a720a385a3f2d2299e5d1
SHA512404b35fca478a1f489ec1af7be1df897190d7deb0cd8139c2c89d68c24fa377d904cf0c5e30c09ab448d74d87a47aaa3a872bf66a9bc9c124f52798320d34e60
-
Filesize
239KB
MD529e1d5770184bf45139084bced50d306
SHA176c953cd86b013c3113f8495b656bd721be55e76
SHA256794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307
SHA5127cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8
-
Filesize
324KB
-
Filesize
572KB
-
Filesize
2.1MB
-
Filesize
748KB
-
Filesize
640KB
-
Filesize
628KB
-
Filesize
12.3MB
-
Filesize
1.4MB
-
Filesize
572KB
-
Filesize
168KB
-
Filesize
324KB
-
Filesize
200KB
-
Filesize
93.2MB
-
Filesize
748KB
-
Filesize
640KB
-
Filesize
36KB
-
Filesize
200KB
-
Filesize
748KB
-
Filesize
1.6MB
-
Filesize
348KB
-
Filesize
2.1MB
-
Filesize
492KB
-
Filesize
12.3MB
-
Filesize
1.4MB
-
Filesize
572KB
-
Filesize
93.2MB
-
Filesize
816KB
-
Filesize
748KB
-
Filesize
200KB
-
Filesize
628KB
-
Filesize
348KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
640KB
-
Filesize
816KB
-
Filesize
76KB
-
Filesize
348KB
-
Filesize
492KB
-
Filesize
2.1MB
-
Filesize
324KB
-
Filesize
324KB
-
Filesize
628KB
-
Filesize
640KB
-
Filesize
200KB
-
Filesize
36KB
-
Filesize
93.2MB
-
Filesize
816KB
-
Filesize
2.1MB
-
Filesize
72KB
-
Filesize
348KB
-
Filesize
816KB
-
Filesize
572KB
-
Filesize
492KB
-
Filesize
2.1MB
-
Filesize
1.6MB
-
Filesize
348KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
640KB
-
Filesize
200KB
-
Filesize
36KB
-
Filesize
93.2MB