Overview

overview

10

Static

static

10

dda53eee2c...69.exe

windows7-x64

10

dda53eee2c...69.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dda53eee2c5cb0abdbf5242f5e82f4de83898b6a9dd8aa935c2be29bafc9a469.exe

  • Size

    18.4MB

  • MD5

    ddb1f970371fa32faae61fc5b8423d4b

  • SHA1

    130baec325e6ae41517404e76f911f071f613567

  • SHA256

    dda53eee2c5cb0abdbf5242f5e82f4de83898b6a9dd8aa935c2be29bafc9a469

  • SHA512

    81fa95ca23bd5d662fd4f82292d157de2e7e42f7e24906cd3e844a487079bdf736c3f5180bbd9b3267dafb83688138b1ad3f6785ae7041055d441dacaa828ad0

  • SSDEEP

    196608:8J68/wqKgDImYikiBIQq7qEJsv6tWKFdu9CS:8U8wqVImvpqtJsv6tWKFdu9CS

Score
10/10
magicratrattrojan

Malware Config

Signatures

  • Detected MagicRAT payload 14 IoCs
  • magicrat

    MagicRAT is a remote access trojan developed and operated by the Lazarus APT group.

    trojanratmagicrat
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dda53eee2c5cb0abdbf5242f5e82f4de83898b6a9dd8aa935c2be29bafc9a469.exe
    "C:\Users\Admin\AppData\Local\Temp\dda53eee2c5cb0abdbf5242f5e82f4de83898b6a9dd8aa935c2be29bafc9a469.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2232-10-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-11-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-12-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-13-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-14-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-15-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-16-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-17-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-18-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-19-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-20-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-21-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-22-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2232-23-0x0000000000400000-0x0000000001676000-memory.dmp

    Filesize

    18.5MB

    Download