Analysis
-
max time kernel
121s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
13-08-2023 10:23
General
-
Target
dd63a0473c5ddf211ca7bb31ae868dfa8a03d4056dd84c9b813b219b33cdc5c7.exe
-
Size
1.4MB
-
MD5
eb6fbbe18d63aef164979766989e5f27
-
SHA1
5acafcadd1f1ba55731f9a02bcf152bb697e4ad1
-
SHA256
dd63a0473c5ddf211ca7bb31ae868dfa8a03d4056dd84c9b813b219b33cdc5c7
-
SHA512
4a1e1932e4bab4510a4c3ac0c0c14c94c8f00792c35d2b4f1e4a25eaa8c37bc106ef400cf87a8f4969e8705450687a73ba16539e1578d961fbaab480cc258b6b
-
SSDEEP
24576:F39WkOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:59qHPkVOBTK
Score
10/10
Malware Config
Signatures
-
Detect PurpleFox Rootkit 1 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious behavior: EnumeratesProcesses 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd63a0473c5ddf211ca7bb31ae868dfa8a03d4056dd84c9b813b219b33cdc5c7.exe"C:\Users\Admin\AppData\Local\Temp\dd63a0473c5ddf211ca7bb31ae868dfa8a03d4056dd84c9b813b219b33cdc5c7.exe"1⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2272-54-0x0000000010000000-0x000000001019F000-memory.dmpFilesize
1.6MB