Overview

overview

10

Static

static

10

hi.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1337s
  • max time network
    1164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2023, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hi.exe

  • Size

    114KB

  • MD5

    8a2cc75f1a0196bc659384fecc0fed8a

  • SHA1

    2e5b7de6a0977da0ef29bc5855e65e8deca4e51c

  • SHA256

    c9dcd0ef1aeb4a2f8bbb4ff93f0f523bee99a739c7e0ad8f21c70aa368204f41

  • SHA512

    5a5b5cde00bf0f105a04cb60b1baae2bc8c82225e447e34df87fd2789a6acddb1757f699933e78938ca6fbcce98400f7ae1c02907990198d2fe39004b17397bf

  • SSDEEP

    3072:gJZKnPE2YyJzELtyTFyYeY8lNgoiJ+sX8HFvytbmNM:gJZKBI0FyYeY4eoiJ+sCFvR

Score
10/10
vanillaratrat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanilla Rat payload 1 IoCs
    rat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hi.exe
    "C:\Users\Admin\AppData\Local\Temp\hi.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4132-133-0x00000000743E0000-0x0000000074B90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4132-134-0x0000000000280000-0x00000000002A2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4132-135-0x00000000052C0000-0x0000000005864000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4132-136-0x0000000004D10000-0x0000000004DA2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4132-137-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-138-0x0000000004CC0000-0x0000000004CCA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4132-139-0x00000000094E0000-0x0000000009546000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4132-140-0x00000000743E0000-0x0000000074B90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4132-141-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-142-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-143-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-144-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-145-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-146-0x00000000743E0000-0x0000000074B90000-memory.dmp

    Filesize

    7.7MB

    Download