Overview

overview

10

Static

static

3

html.exe

windows7-x64

10

html.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-08-2023 13:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    html.exe

  • Size

    1.5MB

  • MD5

    77f82a88068d77ba9ece00d21bf3a4db

  • SHA1

    cedf93d2a9dae5a41c7797baaf535f008d0166e9

  • SHA256

    33dd66da63f57e1d64d469172a5d5e7615924bcde919e962c4a5a00c51306051

  • SHA512

    1c3e8eb58ea6139e738bcf1662037669f470d46cdc60c9b4297542bcc545a2673447686a99827a8d07ae06d0260d5b1778159cd41552bc2c571a06ef297a9e1d

  • SSDEEP

    12288:KNVVyrGvaRlb2nZS1dUpSp3fHgY+bE6gVVpQIcsmvG5SYmG7Sa:SVNPnZSXUpShfj+bE6gLpKpu5SYm6

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 19 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\html.exe
    "C:\Users\Admin\AppData\Local\Temp\html.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
      "C:\Users\Admin\AppData\Local\Temp\html.exe"
      2⤵
        PID:4936
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
      1⤵
      • Drops startup file
      PID:3464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2632-142-0x00000000022E0000-0x0000000002360000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2632-134-0x00000000772E2000-0x00000000772E3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-133-0x00000000022E0000-0x0000000002360000-memory.dmp

      Filesize

      512KB

      Download

    • memory/4936-148-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-151-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-138-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-143-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-144-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-146-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-145-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-147-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-149-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-137-0x00000000772E2000-0x00000000772E3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4936-150-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-140-0x0000000001040000-0x0000000001041000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4936-153-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-152-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-154-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-155-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-158-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-156-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-157-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-159-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4936-160-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download