Analysis
-
max time kernel
193s -
max time network
255s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
29-04-2024 04:04
General
-
Target
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
-
Size
4.7MB
-
MD5
7adc2b31432caafba0ed9d52462be282
-
SHA1
58f3e9434b91bcc5d1592c15699e15eff51c06f4
-
SHA256
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75
-
SHA512
004b9965aeea14dd6b613f5a0b7a0c80c021179814dbc41287a9a0c070ad743d360803e0654614334885193a26a8aee8c001931d4ecd8ab219a806005fd1d244
-
SSDEEP
98304:CyW64h3r9HmzVv/LxaXSufJX70CtvLnupsdgoj9ghi1RebMIg9Cbk/V+:+7hBcVv16zupsdgojDIg9Cbk/V+
Score
10/10
Malware Config
Signatures
-
Detects DLL dropped by Raspberry Robin. 2 IoCs
Raspberry Robin.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
c:\windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe"C:\Users\Admin\AppData\Local\Temp\cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 7283⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/600-0-0x0000000001050000-0x0000000001503000-memory.dmpFilesize
4.7MB
-
memory/1532-9-0x0000000000B70000-0x0000000000B79000-memory.dmpFilesize
36KB
-
memory/1532-17-0x00007FFA478C0000-0x00007FFA47A9B000-memory.dmpFilesize
1.9MB
-
memory/1532-12-0x0000000000650000-0x0000000000A50000-memory.dmpFilesize
4.0MB
-
memory/1532-15-0x0000000074430000-0x00000000745F2000-memory.dmpFilesize
1.8MB
-
memory/1532-16-0x00007FFA478C0000-0x00007FFA47A9B000-memory.dmpFilesize
1.9MB
-
memory/2140-3-0x0000000006020000-0x0000000006420000-memory.dmpFilesize
4.0MB
-
memory/2140-8-0x0000000074430000-0x00000000745F2000-memory.dmpFilesize
1.8MB
-
memory/2140-11-0x0000000006020000-0x0000000006420000-memory.dmpFilesize
4.0MB
-
memory/2140-6-0x00007FFA478C0000-0x00007FFA47A9B000-memory.dmpFilesize
1.9MB
-
memory/2140-4-0x0000000006020000-0x0000000006420000-memory.dmpFilesize
4.0MB
-
memory/2140-2-0x0000000004E40000-0x0000000004EAD000-memory.dmpFilesize
436KB
-
memory/2140-5-0x0000000006020000-0x0000000006420000-memory.dmpFilesize
4.0MB
-
memory/2140-1-0x0000000002EE0000-0x0000000002FE1000-memory.dmpFilesize
1.0MB
-
memory/2140-18-0x0000000006020000-0x0000000006420000-memory.dmpFilesize
4.0MB