Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18-10-2024 10:07
General
-
Target
9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe
-
Size
678KB
-
MD5
7286d3201342805034fb07a07675a630
-
SHA1
9bbd895e887afe9b5a2fa320ecc695189df9cc5e
-
SHA256
9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d
-
SHA512
64c549d4666704e604f7ce8d78deb848cefed34680f5b9e32a7ee009ff5c3d6505197132b97039e8842aa1836f2bddc0af95f4dd9e47aff340f620b48a85d55f
-
SSDEEP
12288:Af/1RgkVxftfwpdXO95bR0xJdur3P5tbM7YRX4pjERUho2s9Ca7ItJ:G1Rgkzlfwrsd0xJa3xu7YRX4pjMcsk9
Score
10/10
Malware Config
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe"C:\Users\Admin\AppData\Local\Temp\9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.0MB
-
Filesize
1.1MB
-
Filesize
9.9MB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
4.0MB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
704KB
-
Filesize
1.7MB
-
Filesize
9.9MB
-
Filesize
1.7MB
-
Filesize
432KB
-
Filesize
4.0MB
-
Filesize
1.0MB
-
Filesize
1.1MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
40KB