Analysis Overview
SHA256
c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7
Threat Level: No (potentially) malicious behavior was detected
The file whoisthisugly's RAT set.rar was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-15 21:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-15 21:21
Reported
2025-03-15 21:22
Platform
win11-20250313-en
Max time kernel
13s
Max time network
9s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\whoisthisugly's RAT set.rar"
Network
| Country | Destination | Domain | Proto |
| GB | 2.18.66.89:443 | www.bing.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-15 21:21
Reported
2025-03-15 21:22
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Processes
/tmp/whoisthisugly's RAT set.rar
[/tmp/whoisthisugly's RAT set.rar]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.7:443 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2025-03-15 21:21
Reported
2025-03-15 21:22
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/whoisthisugly's RAT set.rar
[/tmp/whoisthisugly's RAT set.rar]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2025-03-15 21:21
Reported
2025-03-15 21:23
Platform
debian9-mipsbe-20240611-en
Max time kernel
1s
Command Line
Signatures
Processes
/tmp/whoisthisugly's RAT set.rar
[/tmp/whoisthisugly's RAT set.rar]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2025-03-15 21:21
Reported
2025-03-15 21:22
Platform
debian9-mipsel-20240611-en