Overview

overview

10

Static

static

3

1f28f2fc01...19.exe

windows7-x64

10

1f28f2fc01...19.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f28f2fc01466d9ffe441c4298c7f619.exe

  • Size

    197KB

  • MD5

    1f28f2fc01466d9ffe441c4298c7f619

  • SHA1

    fb442db1800bc37869301d88f17c87721851faa9

  • SHA256

    eaf13f18a618c5549e6e7bb31f5266696a479629eb4071a6c5e0a53875a6f23a

  • SHA512

    7e9614ee134c2840c0c5281f823afee873940ce2c6dd6c28205c635a5af5200ed9e6fa4572c2975751e213c519ea16416776b943b3538ebf835bd1ee7e2c27bb

  • SSDEEP

    6144:kDJO1gSkiLDQ7yfVhjTUDLjdPs4MDFR7r2ckixuCkUdXi:Cu47+5UvZq9yOXS

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 21 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f28f2fc01466d9ffe441c4298c7f619.exe
    "C:\Users\Admin\AppData\Local\Temp\1f28f2fc01466d9ffe441c4298c7f619.exe"
    1⤵
      PID:3512
      • C:\Users\Admin\AppData\Roaming\winlogon.exe
        "C:\Users\Admin\AppData\Roaming\winlogon.exe"
        2⤵
          PID:516
      • C:\Users\Admin\AppData\Roaming\winlogon.exe
        "C:\Users\Admin\AppData\Roaming\winlogon.exe"
        1⤵
          PID:1328

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\winlogon.exe
          Filesize

          92KB

          MD5

          a30385ee4da81841830db4477d41a0ee

          SHA1

          228e9a144686799407443827df1f1755670bcb70

          SHA256

          ede7b728fc5f12a7f0827881eec2ffdabaf058aff2ae72c8602ab288c624ecf3

          SHA512

          3ed9e8186e1386d715e0235f43a04de52b80f0d3ccb970e045ae1c92e0e1e3ec8a057b9d03ca580576cfc4b7e7368172f062a054a565671565b2ce457353507e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\winlogon.exe
          Filesize

          32KB

          MD5

          b09a21598631ff5a1c97054898e40db5

          SHA1

          abc6868c43acf3b6420d372bd44db3b4cb2eb93a

          SHA256

          a0700722d99c060894ecab293a96cd343bbdd065e1a9712d772f1bf8a53503f1

          SHA512

          08c7b6892302181a2f43f882d450b0c7d8961c49db6e02e7c380815bd1f529acf6d130bcebab0063b28064f79d889746a712eeb557642ac4374d12a4f58822aa

          Download Submit

        • C:\Users\Admin\AppData\Roaming\winlogon.exe
          Filesize

          197KB

          MD5

          1f28f2fc01466d9ffe441c4298c7f619

          SHA1

          fb442db1800bc37869301d88f17c87721851faa9

          SHA256

          eaf13f18a618c5549e6e7bb31f5266696a479629eb4071a6c5e0a53875a6f23a

          SHA512

          7e9614ee134c2840c0c5281f823afee873940ce2c6dd6c28205c635a5af5200ed9e6fa4572c2975751e213c519ea16416776b943b3538ebf835bd1ee7e2c27bb

          Download Submit

        • memory/516-27-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/516-16-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/516-17-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1328-36-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-31-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-42-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-41-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-40-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-39-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-38-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-37-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-18-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-35-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-34-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-33-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-32-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-43-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-29-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-28-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-30-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-22-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-21-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-20-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1328-19-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/3512-1-0x0000000001290000-0x00000000012A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3512-15-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/3512-0-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/3512-2-0x0000000074D30000-0x00000000752E1000-memory.dmp

          Filesize

          5.7MB

          Download