Analysis
-
max time kernel
30s -
max time network
31s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20-08-2024 14:34
General
-
Target
5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f(1).exe
-
Size
438KB
-
MD5
f400057763476649ca620a1fa7792c22
-
SHA1
f8e4f976cc28fcd8e91cf1dc48cb503642cd7ded
-
SHA256
5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f
-
SHA512
3efc264b36c50d30a98fae7adb7acd1ef4b79314e1d708a67d8535bb3d5ffcd0838765b92fd9789e2436d0d75ea69672eee2f5fa55b7d6c9577491b775ab9e3d
-
SSDEEP
12288:6uZZani4FaYkizhRpfX54K+uiE8BZzhzJ:6+ZIi4Z95/54K+uiE87d
Score
10/10
Malware Config
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\openwith.exe"C:\Windows\system32\openwith.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f(1).exe"C:\Users\Admin\AppData\Local\Temp\5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f(1).exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
2.0MB
-
Filesize
760KB
-
Filesize
4.0MB
-
Filesize
2.8MB
-
Filesize
4.0MB
-
Filesize
40KB
-
Filesize
2.0MB
-
Filesize
760KB
-
Filesize
520KB
-
Filesize
2.8MB
-
Filesize
4.0MB
-
Filesize
520KB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB