rhadamanthys | 6e217c13ce7f7104b9e251f715ed0191d1c6751cd9c4b352320c0314fafbe57e

Analysis

max time kernel
16s
max time network
23s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-04-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unlimited_Crack.exe
Size

364KB
MD5

1b8fb8b2b74de6c36c0bf69a0d2f5664
SHA1

8ea83f1e865a9486b7d9a715728af845db23f63c
SHA256

6e217c13ce7f7104b9e251f715ed0191d1c6751cd9c4b352320c0314fafbe57e
SHA512

84dc5ec442558e21bc316dd0745c44d1b57be65c2d8b3326d3c42808977960249ccd9836d7f5fc7e8a17b8d27bf6ebb9671c4a5908f9a1c74c66397ef8859898
SSDEEP

6144:49iJkovicebiNJ0mL2lvArd15G1Yct56vTN19z7yY2lg7mlm1gWnOayBsBGaCv/u:NhaPbiNJFLSAp15Qdsj952ymlxWnjLIu

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

RegAsm.exe

description pid process target process

PID 432 created 2860 432 RegAsm.exe sihost.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Unlimited_Crack.exe

description pid process target process

PID 4604 set thread context of 432 4604 Unlimited_Crack.exe RegAsm.exe
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

200 432 WerFault.exe RegAsm.exe
4116 432 WerFault.exe RegAsm.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

RegAsm.exedialer.exe

pid process

432 RegAsm.exe
432 RegAsm.exe
2852 dialer.exe
2852 dialer.exe
2852 dialer.exe
2852 dialer.exe

description	pid	process	target process
PID 432 created 2860	432	RegAsm.exe	sihost.exe

description	pid	process	target process
PID 4604 set thread context of 432	4604	Unlimited_Crack.exe	RegAsm.exe

pid	pid_target	process	target process
200	432	WerFault.exe	RegAsm.exe
4116	432	WerFault.exe	RegAsm.exe

pid	process
432	RegAsm.exe
432	RegAsm.exe
2852	dialer.exe
2852	dialer.exe
2852	dialer.exe
2852	dialer.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

Unlimited_Crack.exeRegAsm.exe

description	pid	process	target process
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 4604 wrote to memory of 432	4604	Unlimited_Crack.exe	RegAsm.exe
PID 432 wrote to memory of 2852	432	RegAsm.exe	dialer.exe
PID 432 wrote to memory of 2852	432	RegAsm.exe	dialer.exe
PID 432 wrote to memory of 2852	432	RegAsm.exe	dialer.exe
PID 432 wrote to memory of 2852	432	RegAsm.exe	dialer.exe
PID 432 wrote to memory of 2852	432	RegAsm.exe	dialer.exe

c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:2860

C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unlimited_Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Unlimited_Crack.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 608
3⤵
- Program crash
PID:200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 628
3⤵
- Program crash
PID:4116

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/432-16-0x0000000074720000-0x00000000748E2000-memory.dmp

Filesize
1.8MB

Download
memory/432-9-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/432-27-0x00000000039E0000-0x0000000003DE0000-memory.dmp

Filesize
4.0MB

Download
memory/432-8-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/432-4-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/432-10-0x00000000039E0000-0x0000000003DE0000-memory.dmp

Filesize
4.0MB

Download
memory/432-12-0x00000000039E0000-0x0000000003DE0000-memory.dmp

Filesize
4.0MB

Download
memory/432-11-0x00000000039E0000-0x0000000003DE0000-memory.dmp

Filesize
4.0MB

Download
memory/432-14-0x00000000039E0000-0x0000000003DE0000-memory.dmp

Filesize
4.0MB

Download
memory/432-13-0x00007FFE10E60000-0x00007FFE1103B000-memory.dmp

Filesize
1.9MB

Download
memory/2852-17-0x0000000000840000-0x0000000000849000-memory.dmp

Filesize
36KB

Download
memory/2852-19-0x0000000004350000-0x0000000004750000-memory.dmp

Filesize
4.0MB

Download
memory/2852-20-0x0000000004350000-0x0000000004750000-memory.dmp

Filesize
4.0MB

Download
memory/2852-21-0x00007FFE10E60000-0x00007FFE1103B000-memory.dmp

Filesize
1.9MB

Download
memory/2852-22-0x0000000004350000-0x0000000004750000-memory.dmp

Filesize
4.0MB

Download
memory/2852-24-0x00007FFE10E60000-0x00007FFE1103B000-memory.dmp

Filesize
1.9MB

Download
memory/2852-25-0x0000000074720000-0x00000000748E2000-memory.dmp

Filesize
1.8MB

Download
memory/2852-26-0x0000000004350000-0x0000000004750000-memory.dmp

Filesize
4.0MB

Download
memory/4604-1-0x0000000073A20000-0x000000007410E000-memory.dmp

Filesize
6.9MB

Download
memory/4604-0-0x00000000008F0000-0x0000000000952000-memory.dmp

Filesize
392KB

Download
memory/4604-28-0x0000000073A20000-0x000000007410E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads