Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
24-12-2024 08:52
General
-
Target
2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4_Sigmanly.exe
-
Size
68KB
-
MD5
c3e87d5de68cefd51bdd950b3d6c488b
-
SHA1
78086f01b5aacf7f7bd13e62d842f0e89b36662a
-
SHA256
2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4
-
SHA512
6929ae82a700e55d953c753b7aff2c8e4db0717a18bbc20bd502223a8dd17d5dce1ea4e2d9c081206826a4c006285b2a26042e8bf8e3110ae03d517048279962
-
SSDEEP
768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIWV:BHJaAoHoc2x7bZoYBAcQlwJdMq
Malware Config
Extracted
runningrat
Signatures
-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
RunningRat payload 1 IoCs
-
Runningrat family
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 7 IoCs
-
Drops file in System32 directory 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4_Sigmanly.exe"C:\Users\Admin\AppData\Local\Temp\2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4_Sigmanly.exe"1⤵
- Server Software Component: Terminal Services DLL
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k "SANETRUDDL"1⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k "SANETRUDDL"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\SANETRUDDL.exeC:\Windows\system32\SANETRUDDL.exe "c:\windows\system32\259554510.dll",MainThread2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD526a17f5ff905de5ae539080bab08b01f
SHA1bbafc6be665d16af598b178b5cab7afa9ba99de1
SHA256b9bc3f86b83b655c4f0d8ff6b2001fbe3fc6be2fb2ec416fa70fd51495ef6ee8
SHA51254ea806f8c23caba53add0dbd438eb0174ab4d990ce5c4daaee8e15b8aad713ccc4f3d6ab0d6efaefb226be5f09b4b9c8fbabef223498fac2896a3c7f1de5a24
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
52KB
-
Filesize
60KB