Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.8MB

  • MD5

    9c7cad9eda9e00f3ab502d8f02cba2ca

  • SHA1

    a249034719737a3d6f4adda631e72c2145787949

  • SHA256

    842360492263c33b06bbe3d241a035b29bf29900066d29b3267f000eee07e6a2

  • SHA512

    7892319b2872dec33031ab4a50efd2de5bf0a58641a011c091c57eaa62dc9957acd82765bfecec60a656736a79328c5fa1ef4733456bde3160ffc3cadffe712e

  • SSDEEP

    24576:s7p3zW7nsL1lzFGE64M3ICpoy5hn5TbtgqzHNJltNupD2m9dDZYK:sV3zHXS3VpNh5TJgqrNJl4CEdGK

Score
10/10
parallaxrat

Malware Config

Signatures

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 18 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1152
      • C:\Users\Admin\AppData\Local\Temp\file.exe
        "C:\Users\Admin\AppData\Local\Temp\file.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1988
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
      1⤵
      • Drops startup file
      PID:2688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1152-5-0x0000000002560000-0x0000000002561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-6-0x0000000002560000-0x0000000002561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1988-14-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-26-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-0-0x0000000001FA0000-0x0000000002020000-memory.dmp

      Filesize

      512KB

      Download

    • memory/1988-7-0x0000000002080000-0x0000000002081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1988-8-0x0000000000780000-0x0000000000781000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1988-9-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-10-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-11-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-12-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-16-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-1-0x00000000779FF000-0x0000000077A00000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1988-2-0x0000000001FA0000-0x0000000002020000-memory.dmp

      Filesize

      512KB

      Download

    • memory/1988-13-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-17-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-18-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-19-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-20-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-21-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-22-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-23-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-25-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-24-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1988-15-0x00000000031F0000-0x000000000321C000-memory.dmp

      Filesize

      176KB

      Download