Analysis
max time kernel: 147s
max time network: 153s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 22-08-2023 22:47
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe
  Resource: win7-20230712-en (windows7-x64)
  3 signatures, 150 seconds
General
Target: c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe
Size: 3.7MB
MD5: d562a3dc03794d1780bd2e598393acbf
SHA1: 7c29aada265f4632745971ab9ab8c8c150b33ef7
SHA256: c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5
SHA512: 98099a6cfb6d1afec42849e9f470cf586f40da916d1b0e97ca77754ece222d7909c60d8833428342b2ae4bf3d8235b3981b587eedc5d66df035fca489d3d7591
SSDEEP: 98304:ebdh18MZ4kY+ICn4Gw2mOaXgMmahOlZ8vBfgiQc9pL:eDZtICc2R0JmgiZ8v5glOpL
Malware Config
Signatures
Gh0st RAT payload (1 IoCs)
  resource: behavioral1/memory/2224-54-0x0000000010000000-0x0000000010046000-memory.dmp
  yara_rule: family_gh0strat
Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                         | pid  | Process
  Token: 33                           | 2224 | c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe
  Token: SeIncBasePriorityPrivilege   | 2224 | c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe
  Token: 33                           | 2224 | c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe
  Token: SeIncBasePriorityPrivilege   | 2224 | c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5.exe