Analysis

  • max time kernel
    94s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-12-2024 16:50

General

  • Target

    xRAT 2.exe

  • Size

    1.2MB

  • MD5

    6d8489e8ef02f1dd5d496bfa3a4ff48f

  • SHA1

    d8df172354f75d100db674e52654f35f53129e5e

  • SHA256

    63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833

  • SHA512

    99f3ecbf5b4596f663d7b6bd9bb28e0967de33ebbc08b02272ed4a5fc0ef29bc04cf3a6537ca6e2ec5dc7acba9a0326708e0f09be9c86b827d670e833ee51e40

  • SSDEEP

    6144:WhPmJabS3OVcLGRk0EiDsQYGhbcEJks7lOFqKGhIax2WbcGILJPO2JkfTKIf941:y+mk4sQFNl/lcGWBJkA

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe
    "C:\Users\Admin\AppData\Local\Temp\xRAT 2.exe"
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1176

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\settings.xml

    Filesize

    393B

    MD5

    c2fd64e9c69c2898d27653b3b47db2ff

    SHA1

    610f9e4105fbf0f668897bec7be77b8bf708a6ae

    SHA256

    f07f40e283e8d07742a7743dcd5de22933e1c6a6e39513fe0164cd8a910fa030

    SHA512

    77f8c240db2afef34228e3cc59a2d46a18e5f757d8e20ae670dd1ca4eb420757afa5b7003e5ae8ef98806b52605c8828393418b7ba6f120267303d611630d664

  • memory/1176-19-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-20-0x00007FFFAC835000-0x00007FFFAC836000-memory.dmp

    Filesize

    4KB

  • memory/1176-3-0x000000001B9F0000-0x000000001BA8C000-memory.dmp

    Filesize

    624KB

  • memory/1176-4-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-5-0x00000000014F0000-0x00000000014F8000-memory.dmp

    Filesize

    32KB

  • memory/1176-2-0x000000001C010000-0x000000001C4DE000-memory.dmp

    Filesize

    4.8MB

  • memory/1176-1-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-0-0x00007FFFAC835000-0x00007FFFAC836000-memory.dmp

    Filesize

    4KB

  • memory/1176-18-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-21-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-22-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-23-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-24-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-27-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB

  • memory/1176-28-0x00007FFFAC580000-0x00007FFFACF21000-memory.dmp

    Filesize

    9.6MB