Overview

overview

10

Static

static

d2198fedf0...59.exe

windows7-x64

10

d2198fedf0...59.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    21s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2198fedf0fabb870eaaaa359f6f6b44003a5d7ffd5f3f92d212190860635d59.exe

  • Size

    94KB

  • MD5

    0c11842182587c6ce458abba4dd3ac88

  • SHA1

    12ca437823829972b51e83ae84aa2094f0efa72f

  • SHA256

    d2198fedf0fabb870eaaaa359f6f6b44003a5d7ffd5f3f92d212190860635d59

  • SHA512

    ae485a70b5e3359d01240b4b5e822925f1da058f62ba9666fedc20582a1503ebed7c67a00aad67bd1376d0a8a5713786e1fd1d65d139f3023b4f24f861de5502

  • SSDEEP

    1536:RFQwQsiZkoa2BhmUB4I+yuDg1uUO2mntP2qZNKHuNMaSJETxmIGykRZhcMePLHB:RFQwQhZkOLfuDg0PtOqzKONqsEykRLS1

Score
10/10
gh0stratratupx

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2198fedf0fabb870eaaaa359f6f6b44003a5d7ffd5f3f92d212190860635d59.exe
    "C:\Users\Admin\AppData\Local\Temp\d2198fedf0fabb870eaaaa359f6f6b44003a5d7ffd5f3f92d212190860635d59.exe"
    1⤵
      PID:732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 732 -s 656
        2⤵
        • Program crash
        PID:4336
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 732 -ip 732
      1⤵
        PID:4280

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/732-135-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/732-136-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/732-134-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/732-132-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download