Overview

overview

10

Static

static

3

51fd19986d...8d.exe

windows7-x64

10

51fd19986d...8d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2023 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51fd19986d56ab957d1a3099f5700ba671dda8de2afe89bfb6d3ab613d74228d.exe

  • Size

    1.4MB

  • MD5

    9cff53f87732086b9cc0079579718e4d

  • SHA1

    7cd9a2da0f3e13730265d6058793df70cb6b754d

  • SHA256

    51fd19986d56ab957d1a3099f5700ba671dda8de2afe89bfb6d3ab613d74228d

  • SHA512

    edf77e3c380d6ceadbfc83c30bab18e7136ac0e4deadd79524df354484b9d818ccb0cbe545800b3590404cd4d564937852fbdc6cb5c19da582d8db10f756b08b

  • SSDEEP

    24576:uTHu+Zi/En/T1ElqY5IGOrWZK2fqbpWpZ8TomPhY7ykuqG2zAZvnM5Y:uThB1j7W42fqYpZhmu7XuozARj

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Signatures

  • Detect PurpleFox Rootkit 1 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 33 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51fd19986d56ab957d1a3099f5700ba671dda8de2afe89bfb6d3ab613d74228d.exe
    "C:\Users\Admin\AppData\Local\Temp\51fd19986d56ab957d1a3099f5700ba671dda8de2afe89bfb6d3ab613d74228d.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1996-54-0x0000000000400000-0x0000000000631000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1996-55-0x0000000075570000-0x00000000755B7000-memory.dmp
    Filesize

    284KB

    Download
  • memory/1996-870-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-868-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-866-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-865-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-874-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-872-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-876-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-882-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-880-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-878-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-884-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-886-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-888-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-890-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-894-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-892-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-898-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-896-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-902-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-900-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-906-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-904-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-908-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-910-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-912-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-914-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-916-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-918-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-920-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-922-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-924-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-926-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-1824-0x0000000000400000-0x0000000000631000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1996-2602-0x0000000001ED0000-0x0000000001FD0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/1996-2603-0x0000000002010000-0x0000000002191000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1996-5402-0x0000000001ED0000-0x0000000001FD0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/1996-8743-0x00000000022C0000-0x00000000023D1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1996-8748-0x0000000000400000-0x0000000000631000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1996-8767-0x0000000000400000-0x0000000000631000-memory.dmp
    Filesize

    2.2MB

    Download