Overview

overview

6

Static

static

3

Rad me.txt

windows10-2004-x64

1

Silver Rat V 1.0.exe

windows10-2004-x64

6

Resubmissions

21/11/2023, 19:45

231121-ygfmmsha9y 7

21/11/2023, 19:42

231121-yezyhaha9t 6

Analysis

  • max time kernel
    81s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2023, 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Silver Rat V 1.0.exe

  • Size

    3.3MB

  • MD5

    210ba4e7edc2c9c85d25f08448e040b5

  • SHA1

    d3fc80539f0407fbde7799892386ac806be8191d

  • SHA256

    0c1544e0410e62f44cc3eb53fb4eb2fbdccf6dc4fd87c6e5b754956b08f2acb9

  • SHA512

    d6e89d3c06a3e681cd9d9b4005dc55db9a48ec843191097daae97098601c4103c20049f710fdd1906776dd2b3db401117952ccc1c33851153b857f4fe9a1049f

  • SSDEEP

    49152:J4uPGKYSBO99jGvkL+gG7AA1ScgoPByIA:J42KcC+gGUtdoPByB

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Silver Rat V 1.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Silver Rat V 1.0.exe"
    1⤵
    • Adds Run key to start application
    PID:2016
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\users\Admin\AppData\Local\Temp\svhost.exe
    Filesize

    3.3MB

    MD5

    210ba4e7edc2c9c85d25f08448e040b5

    SHA1

    d3fc80539f0407fbde7799892386ac806be8191d

    SHA256

    0c1544e0410e62f44cc3eb53fb4eb2fbdccf6dc4fd87c6e5b754956b08f2acb9

    SHA512

    d6e89d3c06a3e681cd9d9b4005dc55db9a48ec843191097daae97098601c4103c20049f710fdd1906776dd2b3db401117952ccc1c33851153b857f4fe9a1049f

    Download Submit

  • memory/2016-0-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2016-2-0x0000000000400000-0x000000000075B000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/2016-4-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2016-5-0x0000000000400000-0x000000000075B000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/2364-11-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-10-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-16-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-15-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-17-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-18-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-19-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-20-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-21-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-9-0x0000021C6AD40000-0x0000021C6AD41000-memory.dmp

    Filesize

    4KB

    Download