Overview

overview

10

Static

static

3

8eb3f7a87e...53.dll

windows7-x64

10

8eb3f7a87e...53.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-02-2025 04:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8eb3f7a87e9f33f64793dde4bbe4c63d97b600fdecc00cf77341abbe27d69553.dll

  • Size

    62.0MB

  • MD5

    c878951a604018f259ac092ff2251a98

  • SHA1

    b5a1a4cd2b88ed67adcb6293e54c1b13953c6f19

  • SHA256

    8eb3f7a87e9f33f64793dde4bbe4c63d97b600fdecc00cf77341abbe27d69553

  • SHA512

    c827468238bea1de6fabcd46f45a62accdaba62d4f3506f4baba15b846d47fcd1a21134700639f55ee532a6b38fa769df0c12e5f568b49ab8d7e8a2628068a05

  • SSDEEP

    1572864:9YsjkeZwu3B4RHLqyzWZvbYF8WNLKUnBDUpG5FQ:vIfzW6xBK

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Signatures

  • Detects Rhadamanthys payload 3 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Rhadamanthys family
    rhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1192
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb3f7a87e9f33f64793dde4bbe4c63d97b600fdecc00cf77341abbe27d69553.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb3f7a87e9f33f64793dde4bbe4c63d97b600fdecc00cf77341abbe27d69553.dll,#1
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\SysWOW64\rundll32.exe"
            4⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2808
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2736

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2736-12-0x0000000000080000-0x000000000008A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2736-17-0x00000000758C0000-0x0000000075907000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2736-15-0x0000000077800000-0x00000000779A9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2736-14-0x0000000001E00000-0x0000000002200000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2808-6-0x0000000000170000-0x00000000001F1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/2808-7-0x0000000001F80000-0x0000000002380000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2808-8-0x0000000001F80000-0x0000000002380000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2808-9-0x0000000077800000-0x00000000779A9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2808-11-0x00000000758C0000-0x0000000075907000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2808-4-0x0000000000170000-0x00000000001F1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/2808-3-0x0000000000170000-0x00000000001F1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/2808-0-0x0000000000170000-0x00000000001F1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/2808-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download