Analysis
-
max time kernel
139s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-03-2024 19:07
General
-
Target
file.exe
-
Size
1.8MB
-
MD5
9c7cad9eda9e00f3ab502d8f02cba2ca
-
SHA1
a249034719737a3d6f4adda631e72c2145787949
-
SHA256
842360492263c33b06bbe3d241a035b29bf29900066d29b3267f000eee07e6a2
-
SHA512
7892319b2872dec33031ab4a50efd2de5bf0a58641a011c091c57eaa62dc9957acd82765bfecec60a656736a79328c5fa1ef4733456bde3160ffc3cadffe712e
-
SSDEEP
24576:s7p3zW7nsL1lzFGE64M3ICpoy5hn5TbtgqzHNJltNupD2m9dDZYK:sV3zHXS3VpNh5TJgqrNJl4CEdGK
Score
10/10
Malware Config
Signatures
-
ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
-
ParallaxRat payload 18 IoCs
Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
-
Drops startup file 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of WriteProcessMemory 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}1⤵
- Drops startup file
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1152-5-0x0000000002560000-0x0000000002561000-memory.dmpFilesize
4KB
-
memory/1152-6-0x0000000002560000-0x0000000002561000-memory.dmpFilesize
4KB
-
memory/1988-14-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-26-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-0-0x0000000001FA0000-0x0000000002020000-memory.dmpFilesize
512KB
-
memory/1988-7-0x0000000002080000-0x0000000002081000-memory.dmpFilesize
4KB
-
memory/1988-8-0x0000000000780000-0x0000000000781000-memory.dmpFilesize
4KB
-
memory/1988-9-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-10-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-11-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-12-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-16-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-1-0x00000000779FF000-0x0000000077A00000-memory.dmpFilesize
4KB
-
memory/1988-2-0x0000000001FA0000-0x0000000002020000-memory.dmpFilesize
512KB
-
memory/1988-13-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-17-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-18-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-19-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-20-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-21-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-22-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-23-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-25-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-24-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB
-
memory/1988-15-0x00000000031F0000-0x000000000321C000-memory.dmpFilesize
176KB