Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41.exe

  • Size

    2.1MB

  • MD5

    4c3021987d039f59a3aa6fcd423143f5

  • SHA1

    508960918d960e7fb1df7d5ddefe26e82ef1b167

  • SHA256

    6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41

  • SHA512

    879823c8d3410b81678ab5f5abc0ef9da5daaaa662583717c20c45f8bd2c8771435a630acb565383eb41cef031e9bef3d3431f3d263c4bcb82fb4de7a60f4c45

  • SSDEEP

    49152:EXsGREfMYgHug4kAjZ1/y8HQzz2xrvrdQeCVUrJnCWVbj1gXjR16lc:EXorx6tun1gj66

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 18 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4980
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
    • Drops startup file
    PID:4896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4980-0-0x00000000023E0000-0x0000000002460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4980-1-0x0000000077132000-0x0000000077133000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4980-4-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-11-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-20-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-19-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-18-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-17-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-16-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-15-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-14-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-13-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-12-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-10-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-9-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-8-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-7-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-6-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-5-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4980-21-0x00000000023E0000-0x0000000002460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4980-22-0x00000000027F0000-0x00000000028E0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/4980-23-0x0000000003180000-0x00000000031AC000-memory.dmp

    Filesize

    176KB

    Download