Overview

overview

7

Static

static

7

Silver Rat...at.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    3s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-06-2024 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Silver Rat [Re Lab]/SilverRat.exe

  • Size

    25.2MB

  • MD5

    d6527f7d5f5152c3f5fff6786e5c1606

  • SHA1

    e8da82b4a3d2b6bee04236162e5e46e636310ec6

  • SHA256

    79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9

  • SHA512

    2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

  • SSDEEP

    786432:SZYRGnGvovVvAuuglekvAR4vzHcv6lHGH9KdDmvQuLGgJMKV+n9n1vgvVv2jlv1S:Ik79a

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe
    "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 1296
      2⤵
      • Program crash
      PID:3276
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 1316
      2⤵
      • Program crash
      PID:3044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2936 -ip 2936
    1⤵
      PID:3032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2936 -ip 2936
      1⤵
        PID:1504

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2936-0-0x00000000749BE000-0x00000000749BF000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2936-1-0x0000000000010000-0x000000000193E000-memory.dmp
        Filesize

        25.2MB

        Download
      • memory/2936-2-0x0000000006900000-0x0000000006EA6000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/2936-3-0x0000000006350000-0x00000000063E2000-memory.dmp
        Filesize

        584KB

        Download
      • memory/2936-4-0x0000000006EB0000-0x0000000007026000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/2936-5-0x0000000007180000-0x00000000072D0000-memory.dmp
        Filesize

        1.3MB

        Download
      • memory/2936-6-0x0000000007030000-0x000000000707E000-memory.dmp
        Filesize

        312KB

        Download
      • memory/2936-7-0x00000000075E0000-0x0000000007832000-memory.dmp
        Filesize

        2.3MB

        Download
      • memory/2936-8-0x00000000749B0000-0x0000000075161000-memory.dmp
        Filesize

        7.7MB

        Download
      • memory/2936-9-0x00000000075C0000-0x00000000075CA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/2936-10-0x0000000008410000-0x0000000008442000-memory.dmp
        Filesize

        200KB

        Download
      • memory/2936-11-0x00000000085F0000-0x000000000868C000-memory.dmp
        Filesize

        624KB

        Download
      • memory/2936-12-0x0000000008B00000-0x0000000008C4E000-memory.dmp
        Filesize

        1.3MB

        Download
      • memory/2936-13-0x00000000749B0000-0x0000000075161000-memory.dmp
        Filesize

        7.7MB

        Download