parallax | 0cb06c655b686f300f944519e89bee199089d22598bfa83ac969b88a6b2cb15e

General

Target

83c5bbe9284eead577d370cfe429685e.exe
Size

3.6MB
MD5

83c5bbe9284eead577d370cfe429685e
SHA1

c33c6f6a0f65673439fe1f18e110e46564cf7586
SHA256

0cb06c655b686f300f944519e89bee199089d22598bfa83ac969b88a6b2cb15e
SHA512

943c68646bbbb1e1d2c6d4387bf024ffeb03fc2f24dd9bf07237446a3dc6466fb257bb6cb59d52aaefce7a26bd2a88d1eaaa2755c040d545943bc4541402d22f
SSDEEP

49152:ZLOYEQ7B+hS3oSbQzmlpkz1oGVpOtGQHZY1:4Yp+hqpeZpOtBHZY1

Score

10^/10

parallax rat

Malware Config

Signatures

ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
rat parallax

ParallaxRat payload 19 IoCs

Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

resource	yara_rule
behavioral1/memory/2368-5-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-11-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-13-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-24-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-26-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-25-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-23-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-22-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-21-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-20-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-27-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-19-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-18-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-17-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-16-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-15-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-14-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-12-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/2368-28-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat

Blocklisted process makes network request 7 IoCs

flow	pid	Process
2	2368	rundll32.exe
2	2368	rundll32.exe
5	2368	rundll32.exe
5	2368	rundll32.exe
2	2368	rundll32.exe
2	2368	rundll32.exe
5	2368	rundll32.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe
1928	83c5bbe9284eead577d370cfe429685e.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28
PID 1928 wrote to memory of 2368	1928	83c5bbe9284eead577d370cfe429685e.exe	28

C:\Users\Admin\AppData\Local\Temp\83c5bbe9284eead577d370cfe429685e.exe
"C:\Users\Admin\AppData\Local\Temp\83c5bbe9284eead577d370cfe429685e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Users\Admin\AppData\Local\Temp\83c5bbe9284eead577d370cfe429685e.exe"
  2⤵
  - Blocklisted process makes network request
  PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-9-0x0000000000360000-0x00000000003DB000-memory.dmp

Filesize
492KB

Download
memory/1928-1-0x0000000000360000-0x00000000003DB000-memory.dmp

Filesize
492KB

Download
memory/1928-2-0x000000007766F000-0x0000000077670000-memory.dmp

Filesize
4KB

Download
memory/1928-3-0x00000000030B0000-0x0000000003230000-memory.dmp

Filesize
1.5MB

Download
memory/1928-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1928-8-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/2368-25-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-21-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-5-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-10-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2368-11-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-13-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-24-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-26-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-6-0x000000007766F000-0x0000000077670000-memory.dmp

Filesize
4KB

Download
memory/2368-23-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-22-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-4-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2368-20-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-27-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-19-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-18-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-17-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-16-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-15-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-14-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-12-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2368-28-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing