Malware Analysis Report

2024-11-13 16:14

Sample ID 240413-chtp1aab79
Target Silver Rat.zip
SHA256 954f637d4c8d2c47dc648d703f073fa8586222a8cef8aa8226bce48490ce8b10
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral16, behavioral23, behavioral31, behavioral10, behavioral15, behavioral20, behavioral29, behavioral3, behavioral9, behavioral26, behavioral7, behavioral12, behavioral13, behavioral24, behavioral27, behavioral32, behavioral8, behavioral2, behavioral22, behavioral11, behavioral14, behavioral28, behavioral4, behavioral18, behavioral5, behavioral6, behavioral17, behavioral19, behavioral21, behavioral25, behavioral30, behavioral1 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
7/10

SHA256

954f637d4c8d2c47dc648d703f073fa8586222a8cef8aa8226bce48490ce8b10

Threat Level: Shows suspicious behavior

The file Silver Rat.zip was classified as showing suspicious behaviour (score 7/10) rather than as a known family: the only tag is the Agile.Net obfuscator detection, and no family-specific signature fired in any of the runs included in this report.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Enumerates physical storage devices

Unsigned PE

Program crash

NTFS ADS

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Attribution caveat: in the detail tables included in this report, the registry, NTFS ADS, AdjustPrivilegeToken, SendNotifyMessage and WriteProcessMemory hits are all attributed to C:\Program Files\Mozilla Firefox\firefox.exe, which was used during the run to fetch the archive (the Zone.Identifier stream on Downloads\Silver Rat.zip is written by the browser) and whose parent/child process launching explains the writes between firefox.exe processes (the -contentproc children). The summary items that have no detail table here (Executes dropped EXE, Enumerates physical storage devices, Program crash, FindShellTrayWindow, SetWindowsHookEx, Uses Task Scheduler COM API) are the ones that bear on the sample's own behaviour, and the seventeen rundll32 DLL detonations included in this report produced no signatures at all.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-13 02:05

Signatures

Obfuscated with Agile.Net obfuscator (tag: agilenet)

2 matches; description, indicator, process and target not recorded (N/A).

Unsigned PE

8 matches; description, indicator, process and target not recorded (N/A).

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

454s

Max time network

1175s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\RDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\RDP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A
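The sandbox's default way to detonate a DLL is rundll32.exe "<path>",#1, which only does anything if the image exports a native entry point at ordinal 1. Most of the DLLs detonated this way in this report are, by name, well-known .NET libraries (RestSharp, Newtonsoft.Json, protobuf-net, System.Collections.Immutable, System.Memory, BouncyCastle, Bunifu), and none of the seventeen rundll32 runs produced a signature or a dropped file; a plain C# assembly carries a CLR header and no export table, so such a run is a no-op rather than evidence of benign behaviour. The following added example (not from the report or the sandbox vendor) reads a PE's data directories to tell a managed assembly from a native DLL with exports, which is the check to make before treating a rundll32 detonation as a negative result. The PE images it classifies are constructed in memory for the demonstration; real files can be passed on the command line.

```python
"""Tell a managed (.NET) DLL from a native DLL with exports by reading PE headers.

Added example for this report; not sandbox or vendor code. Standard library only.
The PE images classified in the demo are built in memory (constructed, not the
report's files); real files can be passed on the command line.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_EXPORT = 0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header ("managed" marker)
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def data_directory(pe: bytes, index: int) -> tuple:
    """Return (rva, size) of optional-header data directory `index`, (0, 0) if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                   # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        num_rva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_rva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    number_of_rva = struct.unpack_from("<I", pe, num_rva_off)[0]
    entry = dirs_off + 8 * index
    # Respect both the declared count and the declared header size: a truncated
    # or hostile header must not make us read past the optional header.
    if index >= number_of_rva or entry + 8 > opt + size_of_optional:
        return (0, 0)
    return struct.unpack_from("<II", pe, entry)


def classify_dll(pe: bytes) -> str:
    """'managed' (CLR header), 'native-exports' (export table) or 'native-no-exports'.

    rundll32 <dll>,#1 can only work for 'native-exports' images with an ordinal 1;
    a plain C# assembly has a CLR header and no export table, so such a run is a no-op.
    """
    if data_directory(pe, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)[0]:
        return "managed"
    if data_directory(pe, IMAGE_DIRECTORY_ENTRY_EXPORT)[0]:
        return "native-exports"
    return "native-no-exports"


def build_pe(clr_rva: int = 0, export_rva: int = 0, pe32plus: bool = True) -> bytes:
    """Construct a minimal header-only PE image (not loadable) for the demo."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: PE header at 0x40
    opt_len = 240 if pe32plus else 224                # fixed fields + 16 directories
    num_rva_off = 108 if pe32plus else 92
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, num_rva_off, 16)      # NumberOfRvaAndSizes
    dirs = num_rva_off + 4
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT,
                     export_rva, 0x40 if export_rva else 0)
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
                     clr_rva, 0x48 if clr_rva else 0)
    # COFF: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols,
    #       SizeOfOptionalHeader, Characteristics (DLL | EXECUTABLE_IMAGE)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       opt_len, 0x2002)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:                          # classify real DLLs if given
        with open(path, "rb") as fh:
            print(path, classify_dll(fh.read()))
    print("constructed managed image:", classify_dll(build_pe(clr_rva=0x2008)))
```

A "managed" result means the rundll32 run tells you nothing about the DLL; the assembly has to be loaded by its host (here, presumably Loader.exe or SilverRat.exe) or by a .NET harness to be exercised. Mixed-mode images can carry both a CLR header and exports; the check reports "managed" first because the CLR header is what decides how the loader treats the image.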

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:36

Platform

win11-20240412-en

Max time kernel

1563s

Max time network

1533s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Collections.Immutable.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Collections.Immutable.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 03:00

Platform

win11-20240412-en

Max time kernel

446s

Max time network

1174s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\protobuf-net.core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\protobuf-net.core.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

455s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Keylogger.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

449s

Max time network

1173s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\RAPP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\RAPP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:36

Platform

win11-20240412-en

Max time kernel

451s

Max time network

1174s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\RestSharp.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\RestSharp.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:56

Platform

win11-20240412-en

Max time kernel

444s

Max time network

1170s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\cgeoip.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\cgeoip.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

441s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Newtonsoft.Json.dll",#1

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

458s

Max time network

1180s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HVNC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:56

Platform

win11-20240412-en

Max time kernel

458s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bouncycastle.crypto.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bouncycastle.crypto.dll",#1

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

453s

Max time network

1174s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HBrowser.dll",#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

438s

Max time network

1166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Options.dll",#1

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

457s

Max time network

1180s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\OptionsForm.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\OptionsForm.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:37

Platform

win11-20240412-en

Max time kernel

456s

Max time network

1175s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Memory.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Memory.dll",#1

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:56

Platform

win11-20240412-en

Max time kernel

453s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bunifu.ui.winforms.1.5.3.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bunifu.ui.winforms.1.5.3.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 03:36

Platform

win11-20240412-en

Max time kernel

454s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\protobuf-net.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\protobuf-net.dll",#1

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

460s

Max time network

1182s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HRDP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

1345s

Max time network

1176s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Silver Rat.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege (6 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A (3 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4584 wrote to memory of 2096 (11 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3176 (43 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3068 (10 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API (tag: persistence)

No detail rows are included for this signature.
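Every WriteProcessMemory row in this run has firefox.exe as both source and target, and the PIDs line up with the browser's own process tree (a launcher writing into the main process, the main process writing into the children it spawns), which is what a multi-process application looks like and not injection. The following added example (not sandbox or vendor code) parses rows in this table's format, collapses repeats, and separates same-image writes by a known multi-process host from anything else. It accepts rows either one per event or carrying an "(N events)" count. SAMPLE_ROWS is constructed: the firefox.exe rows are taken from the table above with their repetition shortened, and the last row, a write from SilverRat.exe into notepad.exe, is invented to show the contrast; MULTIPROCESS_HOSTS is the editor's assumption.

```python
"""Collapse repeated 'wrote to memory of' rows and attribute them to images.

Added example for this report, not sandbox code. SAMPLE_ROWS is constructed:
the firefox.exe rows come from the behavioral2 table (repetition shortened),
the last row is invented to show a cross-image write.
"""
import re
from collections import Counter

ROW = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)"
    r"(?:\s+\((?P<n>\d+) events\))?\s+(?P<indicator>\S+)\s+"
    r"(?P<src_img>[A-Za-z]:\\[^:\n]*?\.exe)\s+(?P<dst_img>[A-Za-z]:\\[^:\n]*?\.exe)\s*$"
)

# Multi-process applications whose parent legitimately writes into the
# children it has just spawned (assumption: extend for your own estate).
MULTIPROCESS_HOSTS = {"firefox.exe", "chrome.exe", "msedge.exe"}

SAMPLE_ROWS = r"""
PID 4584 wrote to memory of 2096 (11 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3176 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3176 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3176 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2096 wrote to memory of 3068 (10 events) N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2384 wrote to memory of 5120 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\System32\notepad.exe
"""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(rows: str) -> list:
    """One finding per (src pid, dst pid, src image, dst image) with event count and verdict."""
    counts = Counter()
    for line in rows.splitlines():
        m = ROW.match(line.strip())
        if m:
            counts[(m["src"], m["dst"], m["src_img"], m["dst_img"])] += int(m["n"] or 1)
    findings = []
    for (src, dst, src_img, dst_img), n in counts.items():
        same_image = basename(src_img) == basename(dst_img)
        if same_image and basename(src_img) in MULTIPROCESS_HOSTS:
            verdict = "expected"      # parent seeding a child it just spawned
        else:
            verdict = "review"        # anything else is an injection candidate
        findings.append({"src": src, "dst": dst, "src_img": src_img,
                         "dst_img": dst_img, "events": n, "verdict": verdict})
    return findings


def needs_review(rows: str) -> list:
    """Only the findings an analyst has to look at."""
    return [f for f in triage(rows) if f["verdict"] == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f"{f['verdict']:8} {f['events']:3}x PID {f['src']} -> {f['dst']}  "
              f"{basename(f['src_img'])} -> {basename(f['dst_img'])}")
```

The point of the split is that the sandbox scores WriteProcessMemory by count, so a browser opened during the run can swamp the signature list; the rows worth reading are the ones where the source image is the sample or the target image differs from the source.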

Processes

C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.0.2145052087\640182259" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84fb52a-fc5a-4009-8116-2fdda5c5ea99} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 1880 21beae24c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.1.1041433781\1660664923" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab100ec-6c09-4fe5-a221-426c61baf6ba} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2404 21bde187258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.2.1759952717\7683329" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2816 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f3e4d6-9503-4bbe-9edd-39a6f285d237} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2804 21bedbe0258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.3.1778858532\1343224983" -childID 2 -isForBrowser -prefsHandle 2596 -prefMapHandle 1632 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af517917-d793-4114-b374-9d2d408df363} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3436 21bf0470258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.4.1817351246\1551165744" -childID 3 -isForBrowser -prefsHandle 5052 -prefMapHandle 4960 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea029a4-c3f3-4103-b224-04a20b2cb3f4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5064 21bf1df8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.5.192558974\936675166" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b440ba4-efe2-4126-a7cb-a52def6509c4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5224 21bf266cf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.6.12328228\1991631313" -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba456dd0-93af-468e-924f-11e304ccccf6} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5396 21bf266a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.7.124211355\802831872" -childID 6 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe7f4e0-85cf-4ffe-857b-1cfd564b84ff} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3404 21bf31a2958 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe

"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"

C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2384 -ip 2384

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 896

C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3940 -ip 3940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 864

C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe

"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"

Reading the process list: the submitted Loader.exe in %TEMP% is followed by a firefox.exe parent with its gpu, socket and six tab children (the -contentproc lines), an out-of-process shell COM server (rundll32.exe ... SHCreateLocalServerRunDll ... -Embedding, the form Explorer uses for file operations and typically seen when an archive is extracted), and then Loader.exe and SilverRat.exe started from both Downloads\Silver Rat\Silver Rat\ and %TEMP%, twice each. WerFault.exe from SysWOW64 was invoked for PIDs 2384 and 3940 (a -pss/-p pair for each), which is the "Program crash" item in the summary and indicates a 32-bit process crashed; the list does not record which image those PIDs belong to, so which of the two executables crashed has to be taken from the full sandbox output rather than from this report.

Network

Country Destination Domain Proto
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 8.8.8.8:53 32.185.67.172.in-addr.arpa udp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 104.21.23.143:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 8.8.8.8:53 34.181.67.172.in-addr.arpa udp
US 172.67.144.218:443 pillowbrocccolipe.shop tcp
N/A 127.0.0.1:49744 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 54.245.32.185:443 shavar.services.mozilla.com tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
N/A 127.0.0.1:49750 tcp
FR 151.80.29.83:80 api.gofile.io tcp
FR 151.80.29.83:443 api.gofile.io tcp
FR 51.178.66.33:443 api.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
CA 134.195.196.186:443 store11.gofile.io tcp
CA 134.195.196.186:443 store11.gofile.io tcp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 104.21.23.143:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 172.67.144.218:443 pillowbrocccolipe.shop tcp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 104.21.23.143:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 172.67.144.218:443 pillowbrocccolipe.shop tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
NL 2.18.121.73:80 ciscobinary.openh264.org tcp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 73.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-5hne6nz6.gvt1.com udp
NL 74.125.100.199:443 r2---sn-5hne6nz6.gvt1.com tcp
US 8.8.8.8:53 r2.sn-5hne6nz6.gvt1.com udp
US 8.8.8.8:53 r2.sn-5hne6nz6.gvt1.com udp
NL 74.125.100.199:443 r2.sn-5hne6nz6.gvt1.com udp
US 8.8.8.8:53 199.100.125.74.in-addr.arpa udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 104.21.23.143:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 172.67.144.218:443 pillowbrocccolipe.shop tcp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 104.21.23.143:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 172.67.144.218:443 pillowbrocccolipe.shop tcp

Files

memory/2876-0-0x0000000000920000-0x000000000096B000-memory.dmp

memory/2876-5-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/2876-6-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/2876-7-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/2876-8-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/2876-9-0x0000000000920000-0x000000000096B000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp

MD5 050766629bd864b13e3d21853867c7ac
SHA1 b2433373f511420ac58587d55c4c515c35ed04cb
SHA256 76b44948b430dec32526e84285643a1fa173e77c70c24ff42479f7c29e302608
SHA512 45f58afb5819d3aab170621f6ed17ea403c8ee3aee818f8f37e38f2c13b883bd0baa39b6d7e2256ffb1110675395fa517158b1a6072da656bb2bc5c7b836c8d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp

MD5 748c25d2b7571de48728a14809c4b9a4
SHA1 8ab85569c47c4fc18fb5d5ac700d9b6226eff8cd
SHA256 168aebff993a279eeea2c7c16405c5a9461de67917669fa686229c31ce2da578
SHA512 e96e49ed47c2a0ac9ba250a829261e729b83556904e7a34edfa370f7a852c6ab3436e0ba29f80a8e7d7223e90bc2cb50044d3df05757cf8e7bfea4390233bfca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

MD5 d15f7a87e8befea30e735b45e39b9504
SHA1 0a83ac3d5ca0d24230f601a891c44bbe9f99937d
SHA256 0fb68acdbab583dfa52fc79bb9b5981ed14d761fe7f938238d0b7b97039ccae7
SHA512 b321eb875b710fb2ba8312386ac8521d907f538c60013afb24d9ba60551a8d2f83525c5463fdb8673fec7e844c6511711873b98fdf10853238d790448a817cb2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e723ecca48b143774d3e41c224106b65
SHA1 9d041995838ee450ac1547d00fbfb4998902dc7e
SHA256 f9c7df6a68412b193039df01670766e910197525ad783b07a8c0aef3b2435e43
SHA512 18c3ba696db9b0c3a907ddfae70395e3a92af7b169ee8bb0f1e095a41494c278520adb51287112a993ebf4bdbedf8a0334a34556504fce0511f9c04acea239ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

MD5 19d8a59b0a5b1ae7502a32154a33150d
SHA1 5416b111f973d491f8e158b422462a04aeb6683b
SHA256 ca203f0d3d9df4cc6a85c412320ed37a342c2493828a2efb01c842a15c586830
SHA512 dfb723c1a616af294ac27a81a783e5d9faf755ced304f6d6dbe827acd8c8f96e7368f3de2fc04023eb287dfbe716906e5ba097cde3547ac76866f567fb4549f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6042796da24fe9695406737188fb310a
SHA1 7f58fb1b35129809988ba363ae2fc8d68cc43016
SHA256 0458d0a951d583301e60052b004aa6e939402e7bb1347e281eec7b442f36b6cd
SHA512 a8e630a9c1346b9c34a5f09e85cb95eddfe073caf048eced890f17315aad71f223ed840fff93e98f7997b614d3f568466c0711b250a4d37c5649be59ad2c1325

C:\Users\Admin\Downloads\Silver Rat.3P00_eKg.zip.part

MD5 eb0ab6050c1f77229b805218e5abe49b
SHA1 bc9e9ea152b5d64d638c80fbea1b41494282baa7
SHA256 d82a000ba97ab59bb304c0983b574e503344e7553595c6e49a180f1f70236445
SHA512 d94c6ef1274328ec477430bb4f6c4ae3a2bb12cba620e5a882cb8f10ae6377061aecbb55979b2e503b8ddd5982fd6d7afb5519e67a3a1a3adc8c4e52fde11916

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a0e4962eb25a2539e0358dec9bdea660
SHA1 72df4549ef9359c72f9c2f3726f934b376daa2f0
SHA256 e529cbf4105e2d91f62e4a6d125a0da3411b162cc9e94ad5e7e78dd4982c46c2
SHA512 472ea93e26919b531ec4116c2076cf06c4036c3977194803992b28d1e5df3d90d4c6318cf8f18bc1e22362c68b8cbbecc4eb0a2711d2795eb18eb4897b1054c7

memory/4656-191-0x0000000000B00000-0x0000000000B4B000-memory.dmp

memory/4656-196-0x0000000000B50000-0x0000000000B51000-memory.dmp

memory/4656-197-0x0000000000B00000-0x0000000000B4B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Loader.exe

MD5 9c9245810bad661af3d6efec543d34fd
SHA1 93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d
SHA256 f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478
SHA512 90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767

memory/1232-206-0x0000000000A50000-0x0000000000A9B000-memory.dmp

memory/1232-211-0x0000000000B50000-0x0000000000B51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

MD5 d6527f7d5f5152c3f5fff6786e5c1606
SHA1 e8da82b4a3d2b6bee04236162e5e46e636310ec6
SHA256 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
SHA512 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

memory/1348-222-0x0000000000400000-0x0000000001DB0000-memory.dmp

memory/2384-224-0x0000000073660000-0x0000000073E11000-memory.dmp

memory/2384-225-0x0000000000C30000-0x000000000255E000-memory.dmp

memory/2384-226-0x00000000074B0000-0x0000000007A56000-memory.dmp

memory/2384-227-0x0000000006FA0000-0x0000000007032000-memory.dmp

memory/1232-228-0x0000000000A50000-0x0000000000A9B000-memory.dmp

memory/2384-229-0x0000000073660000-0x0000000073E11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

MD5 dcce0be5a0c3fa86131c9f30df75c9d9
SHA1 c8ed8b247a7221a7b4d2ee91fd346e54d791598c
SHA256 2ebf18981efe4f44ae76b059ec648fafeb27bfa07cd233ab47a442408b54f44b
SHA512 cdba9696ce13e2dfaa9e9d81e3238fe39b5e9673d5fbadcab840f4607c6d985bc5852cb6347d4f65d73e5d28c0f9c19cdefc74460fea932ee55deeb5537d2a3e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

MD5 e874ac6b9406ff6fd1fd40dc03dffbaa
SHA1 620294e065c1935613b8ece47130c0ac7cfe00ad
SHA256 2112d7cb4d4751d15dd8ae5cd3d5e3338c76b999a964b0afb40adf69a96c2cb1
SHA512 fd26aa004ca487437e4e82dd1b390c2f70dabdfac88fd8620f9ff6639c5a1f1e5d93d2fe51fe0aa14de997ced6c0ec0bac0e9b89731b99f08aa36e10c23caeb8

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

memory/3144-988-0x00000000010D0000-0x000000000111B000-memory.dmp

memory/3940-1253-0x0000000073B80000-0x0000000074331000-memory.dmp

memory/3256-1010-0x0000000000400000-0x0000000001DB0000-memory.dmp

memory/3144-1476-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

memory/3144-1501-0x0000000002C50000-0x0000000002C90000-memory.dmp

memory/3144-1520-0x0000000002C50000-0x0000000002C90000-memory.dmp

memory/3144-1544-0x0000000002C50000-0x0000000002C90000-memory.dmp

memory/3144-1569-0x0000000002C50000-0x0000000002C90000-memory.dmp

memory/3144-1518-0x0000000002C50000-0x0000000002C90000-memory.dmp

memory/3940-1746-0x0000000073B80000-0x0000000074331000-memory.dmp

memory/3144-1931-0x00000000010D0000-0x000000000111B000-memory.dmp

memory/1944-2240-0x0000000000C30000-0x0000000000C7B000-memory.dmp

memory/1944-2245-0x0000000000C30000-0x0000000000C7B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore.jsonlz4

MD5 80669d4def45bb38fbc43debf548a75d
SHA1 22a1c41e0180a3caf6e0757dddff9708043efaa3
SHA256 39b00faedaba54c005496d3f03147c5aa222e23f3ab9026b4741f6665b9d5206
SHA512 9055e28d7d150ec0c1a5054e9dbf44c7fd9379e6676e1e8a45a5c5a5013c93fb793b1a6717c3d22ac41ce370215e02d645198e48c9673aac109cdc217f1072b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\prefs-1.js

MD5 c8f3602113dc2ae77caea7eb6d474674
SHA1 c657884c10d56f8b49606adb74f321124bb5ed5a
SHA256 3f9601e5a938c8ed683b339c4de7e14ca574fd4441e15cd7fafd865031635af1
SHA512 7f275aaf59324ad6b80775d6f69429867c9ae6d46feaeda2a55fc718d7293530ae61905f79a9683e644247684285967218397c23dc1c02bbcceaad28637138a0

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:36

Platform

win11-20240412-en

Max time kernel

457s

Max time network

1176s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Buffers.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Buffers.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

440s

Max time network

1166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Manager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Manager.dll",#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

452s

Max time network

1175s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Passwords.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Passwords.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:56

Platform

win11-20240412-en

Max time kernel

455s

Max time network

1180s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bunifu.ui.winforms.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\bunifu.ui.winforms.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

443s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Camera.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Camera.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

456s

Max time network

1176s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\ReverseProxy.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\ReverseProxy.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

448s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Chat.dll",#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

450s

Max time network

1174s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\HApps.dll",#1

Network

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

444s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Ransom.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\Ransom.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

449s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\ScanNET.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Plugins\ScanNET.dll",#1

Network

Country Destination Domain Proto
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:36

Platform

win11-20240412-en

Max time kernel

447s

Max time network

1172s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe"

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 404 -ip 404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 904

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 172.67.185.32:443 cleartotalfisherwo.shop tcp
US 104.21.44.125:443 worryfillvolcawoi.shop tcp
US 172.67.183.226:443 enthusiasimtitleow.shop tcp
US 172.67.205.132:443 dismissalcylinderhostw.shop tcp
US 172.67.181.34:443 affordcharmcropwo.shop tcp
US 8.8.8.8:53 226.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 132.205.67.172.in-addr.arpa udp
US 172.67.211.165:443 diskretainvigorousiw.shop tcp
US 172.67.166.251:443 communicationgenerwo.shop tcp
US 104.21.47.56:443 pillowbrocccolipe.shop tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\Loader.exe

MD5 9c9245810bad661af3d6efec543d34fd
SHA1 93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d
SHA256 f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478
SHA512 90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767

memory/3828-8-0x0000000000D90000-0x0000000000DDB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

MD5 d6527f7d5f5152c3f5fff6786e5c1606
SHA1 e8da82b4a3d2b6bee04236162e5e46e636310ec6
SHA256 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
SHA512 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

memory/3828-22-0x0000000002950000-0x0000000002990000-memory.dmp

memory/3828-21-0x0000000002B00000-0x0000000002B01000-memory.dmp

memory/3828-23-0x0000000002950000-0x0000000002990000-memory.dmp

memory/3828-26-0x0000000002950000-0x0000000002990000-memory.dmp

memory/3828-28-0x0000000002950000-0x0000000002990000-memory.dmp

memory/3828-24-0x0000000002950000-0x0000000002990000-memory.dmp

memory/1544-30-0x0000000000400000-0x0000000001DB0000-memory.dmp

memory/404-31-0x0000000073600000-0x0000000073DB1000-memory.dmp

memory/404-32-0x0000000000480000-0x0000000001DAE000-memory.dmp

memory/3828-33-0x0000000000D90000-0x0000000000DDB000-memory.dmp

memory/404-34-0x0000000006D00000-0x00000000072A6000-memory.dmp

memory/404-35-0x00000000067F0000-0x0000000006882000-memory.dmp

memory/404-36-0x0000000073600000-0x0000000073DB1000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:54

Platform

win11-20240412-en

Max time kernel

450s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Numerics.Vectors.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\System.Numerics.Vectors.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:56

Platform

win11-20240412-en

Max time kernel

452s

Max time network

1173s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\guna.ui2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\guna.ui2.dll",#1

Network

Country Destination Domain Proto
IE 52.111.236.22:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-13 02:05

Reported

2024-04-13 02:35

Platform

win11-20240412-en

Max time kernel

1354s

Max time network

1178s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Bunifu.Licensing.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Bunifu.Licensing.dll",#1

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A