Overview

overview

10

Static

static

3

sew1.exe

windows7-x64

10

sew1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-02-2024 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sew1.exe

  • Size

    1.9MB

  • MD5

    6c5843a7b8b23ce49dbd3d89a54b56bf

  • SHA1

    afc9a7160ad753b2fedc385f2544d1d98cebf0be

  • SHA256

    f6c901d8959b26428c5fbb9b0c4a18be2057bb4d22e85bfe2442c0a8744a9ff6

  • SHA512

    5322db20006ce6a0ef58470f05b091a10147a57c467ae38eec813b37740decd01c18fe906262146b21e5703b5c902ebf64a0c035487120ce30863fb438d89c08

  • SSDEEP

    24576:syc92Stiatqme6qnvKEOQmSgcetFtABdSCSuWyLZ6gpEVKAlYE1W1:B5jJvHgJtALSCSuZVsTlM

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 18 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sew1.exe
    "C:\Users\Admin\AppData\Local\Temp\sew1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1392
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
    1⤵
    • Drops startup file
    PID:4960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1392-0-0x00000000023A0000-0x00000000023A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1392-1-0x0000000002580000-0x0000000002600000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1392-2-0x0000000077752000-0x0000000077753000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1392-5-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-6-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-7-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-8-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-9-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-11-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-10-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-12-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-13-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-14-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-15-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-16-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-18-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-17-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-19-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-21-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-20-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1392-22-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1392-23-0x00000000028B0000-0x00000000029A0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/1392-24-0x0000000002580000-0x0000000002600000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1392-27-0x00000000032A0000-0x00000000032CC000-memory.dmp

    Filesize

    176KB

    Download