Analysis
max time kernel: 138s
max time network: 138s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 07-01-2023 20:26
Static task: static1
Behavioral task: behavioral1
Sample
f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7.exe
Resource
win7-20221111-en
windows7-x64
5 signatures
150 seconds
General
Target: f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7.exe
Size: 1.2MB
MD5
c645d0b4fd2a6cda321f22ca63c0c9e4
-
SHA1
f399b4c706c0a5d9e9005d26b3059385065bbe58
-
SHA256
f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7
-
SHA512
80b1307bcacf85dc96d6bdea0757c008275ac0c5a00654a6a8db447da11c4f25f61f1d54e2045a1b3c06cea5eeaa7e7680c6e30836c3b2cbd8a3e44758c95401
-
SSDEEP
12288:cU4GKjTbx62TWGnujqU0z0gIlGYTbRliQHaUVPgCwUyzcdqPtoDC5n0I:cU4tjTF62mqtzlIlRZ6UNgC70P+Dm0I
Malware Config
Signatures
-
Processes:
resource: behavioral1/memory/1632-55-0x0000000010000000-0x0000000010191000-memory.dmp; yara_rule: purplefox_rootkit
Gh0st RAT payload 1 IoCs
Processes:
resource: behavioral1/memory/1632-55-0x0000000010000000-0x0000000010191000-memory.dmp; yara_rule: family_gh0strat
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7.exe
pid: 1632; process: f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7.exe