Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 01:04
General
-
Target
20653d4b1d392548b5dc636d76ddf39adf31a743ae3282a2f45b8e1dc12fb802.exe
-
Size
704KB
-
MD5
49bae9e069b7f7d515b9dc7c6c4953e0
-
SHA1
9f0fd6bda7ea272a20a58a3b963ededefc87a1c9
-
SHA256
20653d4b1d392548b5dc636d76ddf39adf31a743ae3282a2f45b8e1dc12fb802
-
SHA512
abed4e987626f88ffa34368e94707c99c07485eb57c4e0f9f60a0f9cab843e1c62f04e8aeac1b8f069d75b90a026b5aa4a0fcd9d22efeca0f9c122d68b6f5f78
-
SSDEEP
12288:5/y4KSeV15SORzbBTInjAD2i2/eFFi3VSS2gf0nhpYRSa18FqxbA7Ndh1UddhYUq:5/K5S0binGi/UFilSnAZv1bEJfKdTYv
Score
10/10
Malware Config
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\openwith.exe"C:\Windows\system32\openwith.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\20653d4b1d392548b5dc636d76ddf39adf31a743ae3282a2f45b8e1dc12fb802.exe"C:\Users\Admin\AppData\Local\Temp\20653d4b1d392548b5dc636d76ddf39adf31a743ae3282a2f45b8e1dc12fb802.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.8MB
-
Filesize
4.0MB
-
Filesize
40KB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
2.0MB
-
Filesize
760KB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
2.8MB
-
Filesize
664KB
-
Filesize
32KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
2.0MB
-
Filesize
8KB
-
Filesize
728KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
760KB