Analysis Overview
Score
10/10
SHA256
24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c
Threat Level: Known bad
The file 24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c was found to be: Known bad.
Malicious Activity Summary
Detects HZRAT backdoor
HZRAT
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-02-27 13:34
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-27 13:34
Reported
2023-02-27 13:36
Platform
win10-20230220-en
Max time kernel
142s
Max time network
147s
Command Line
"C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe"
Signatures
Detects HZRAT backdoor
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
HZRAT
Processes
C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe
"C:\Users\Admin\AppData\Local\Temp\24578aab7ab5caab7b292ead584eae09b0807e22fcb9bbb6bb02ada10d3e3b7c.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.4.63.11:8081 | | tcp |
| CN | 123.182.253.14:10004 | | tcp |
| US | 104.208.16.90:443 | | tcp |
| N/A | 10.4.63.11:8081 | | tcp |
| CN | 123.182.253.14:10004 | | tcp |
| N/A | 10.4.63.11:8081 | | tcp |
| CN | 123.182.253.14:10004 | | tcp |
| N/A | 10.4.63.11:8081 | | tcp |
Files
memory/2008-121-0x0000000000400000-0x00000000004B4000-memory.dmp