Overview

overview

10

Static

static

10

7705834022...64.exe

windows7-x64

10

7705834022...64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    186s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 04:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    770583402219d4593b015980c92874dc2f8c618b1e0f75abd85ed9e9e66a0564.exe

  • Size

    138KB

  • MD5

    e05e33b5383ff73f4225d9bd6e691874

  • SHA1

    ce3c1ed51c84c73b38f88ab3e430238c6cc1791d

  • SHA256

    770583402219d4593b015980c92874dc2f8c618b1e0f75abd85ed9e9e66a0564

  • SHA512

    8389723b92e309ead143ed2e4deb3f0b1b62f29736a613dfbdb8bf3103bf4ecf950b5cdb8e62edc41d0bdc750c9cd68f984369843f245d8cef01614877a3911a

  • SSDEEP

    3072:64vBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwq1UqRPeqov:6m8tA1fYmFEX2ZuwqC8eqo

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\770583402219d4593b015980c92874dc2f8c618b1e0f75abd85ed9e9e66a0564.exe
    "C:\Users\Admin\AppData\Local\Temp\770583402219d4593b015980c92874dc2f8c618b1e0f75abd85ed9e9e66a0564.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1308
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2504

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\791900.dll
          Filesize

          105KB

          MD5

          a98cab65dab084679223253d9f1a55cb

          SHA1

          3274088eded9f500c9bb9edbf1da45cb2b4726ac

          SHA256

          7a67045cb3c5e2eced90a332fba999eb5c53a7d5ad0246272d2cebc048024013

          SHA512

          662bcd180d74ad2682ed9d290299c0def1d938ffd1fe962eff5ed49f544793922f1eae6838d67385033a9c51c444072ae1d0d10e59cb084ab48884c0566c92ec

          Download Submit

        • C:\791900.dll
          Filesize

          105KB

          MD5

          a98cab65dab084679223253d9f1a55cb

          SHA1

          3274088eded9f500c9bb9edbf1da45cb2b4726ac

          SHA256

          7a67045cb3c5e2eced90a332fba999eb5c53a7d5ad0246272d2cebc048024013

          SHA512

          662bcd180d74ad2682ed9d290299c0def1d938ffd1fe962eff5ed49f544793922f1eae6838d67385033a9c51c444072ae1d0d10e59cb084ab48884c0566c92ec

          Download Submit

        • C:\Program Files (x86)\Dkha\Vksgvjpyx.pic
          Filesize

          10.1MB

          MD5

          07656f6996f150bcaa49e6781fb54a9a

          SHA1

          b85cfd6a04c6d2d20edc045b17f4f1807cb614a4

          SHA256

          7648991fa6695c8fba4fe713ead80fd846b8f4dd58998a1e315e96a2c885689d

          SHA512

          c3671b730211203bdb039c47b3f6f541fa88725e384b97df0ad0a46a45aaeb5fd26d4d06a9636d62fcb36b1840a57cb7a697100c00197e7bf156e5bbc6f859cb

          Download Submit

        • \??\c:\NT_Path.jpg
          Filesize

          116B

          MD5

          002c6dbb020b147326e5ce1e08749772

          SHA1

          55efdacda6719ca6815dc8134e0b59a8eb02ca60

          SHA256

          8a7e0515216385590e9ea395fe74a7d1af332b3df3abf362bded4dfd08cf5acb

          SHA512

          495e11fb424126f9d5bb1113da319448c4e6cf389d7a47799da0c41f2ca54ca6520d610ccc21c1ee4b81b2ee234b29bc795f9a7e8a40b9ea5d1ad60202317f5e

          Download Submit

        • \??\c:\program files (x86)\dkha\vksgvjpyx.pic
          Filesize

          10.1MB

          MD5

          07656f6996f150bcaa49e6781fb54a9a

          SHA1

          b85cfd6a04c6d2d20edc045b17f4f1807cb614a4

          SHA256

          7648991fa6695c8fba4fe713ead80fd846b8f4dd58998a1e315e96a2c885689d

          SHA512

          c3671b730211203bdb039c47b3f6f541fa88725e384b97df0ad0a46a45aaeb5fd26d4d06a9636d62fcb36b1840a57cb7a697100c00197e7bf156e5bbc6f859cb

          Download Submit