Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
09-01-2024 18:25
General
-
Target
f3fba1d1355dfc71fa48b1e730726f47.exe
-
Size
2.0MB
-
MD5
f3fba1d1355dfc71fa48b1e730726f47
-
SHA1
e8ad228acbeb4ea96a49f518c80cf3fbb87e0ad0
-
SHA256
0c5129f7ce0c2140caad284bd252dd57e0eb11eba4855540be8f8f8c992400a6
-
SHA512
ed0c1b71040e24bc6921f6837e842e1e18e939ef6ff00e144121d7a7c3ea2ad5a61b0e72fff20afb9c2345bba0d8633069dc3c28ed643dd571a59de5502ab8fb
-
SSDEEP
49152:pI4U7g149h0826G8K3PNwir5zPd7mtfpubpnvaVfhm6t+8LdR:6E149C82XPn5zlkUbpvalTYGR
Score
10/10
Malware Config
Signatures
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 17 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3fba1d1355dfc71fa48b1e730726f47.exe"C:\Users\Admin\AppData\Local\Temp\f3fba1d1355dfc71fa48b1e730726f47.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2384-0-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-1-0x000000007EFD0000-0x000000007F3A1000-memory.dmpFilesize
3.8MB
-
memory/2384-2-0x0000000073E90000-0x0000000074640000-memory.dmpFilesize
7.7MB
-
memory/2384-3-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-4-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-5-0x0000000006D80000-0x0000000007398000-memory.dmpFilesize
6.1MB
-
memory/2384-6-0x00000000067D0000-0x00000000067E2000-memory.dmpFilesize
72KB
-
memory/2384-7-0x0000000006830000-0x000000000686C000-memory.dmpFilesize
240KB
-
memory/2384-8-0x00000000068C0000-0x00000000068D0000-memory.dmpFilesize
64KB
-
memory/2384-9-0x0000000006870000-0x00000000068BC000-memory.dmpFilesize
304KB
-
memory/2384-10-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-11-0x0000000006AD0000-0x0000000006BDA000-memory.dmpFilesize
1.0MB
-
memory/2384-12-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-13-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-14-0x000000007EFD0000-0x000000007F3A1000-memory.dmpFilesize
3.8MB
-
memory/2384-15-0x0000000073E90000-0x0000000074640000-memory.dmpFilesize
7.7MB
-
memory/2384-16-0x00000000068C0000-0x00000000068D0000-memory.dmpFilesize
64KB
-
memory/2384-17-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-18-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-19-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-20-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-21-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-22-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-23-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-24-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-25-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-26-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-27-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB
-
memory/2384-28-0x00000000003D0000-0x0000000000CEE000-memory.dmpFilesize
9.1MB