Analysis
max time kernel: 145s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2023, 00:43
Behavioral task: behavioral1
Sample: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe
Resource: win7-20230712-en
6 signatures
150 seconds
General
Target: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe
Size: 539KB
MD5: 9ec8fd10620502a1f2a2772edf2c3749
SHA1: c0b23737b0b8f5805eff03f44587352d56ef9f65
SHA256: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b
SHA512: cd95882bf723aeda460fd7c53207a70d972fac7e2084707a81c96ed1d6c36ac6e88d3471e327a7f195fd04f08668f9fdb99c9ccab33c58786f7f8a20c16f8c35
SSDEEP: 12288:KhymnwJFPNdgBAEHApqePJN1AmLM7uVq9sSJx5:KUmwrl2Ao7sJNlM7ymsSJ7
Malware Config
Signatures
resource: behavioral2/memory/2052-134-0x0000000010000000-0x000000001019F000-memory.dmp, yara_rule: purplefox_rootkit
resource: behavioral2/memory/2052-150-0x0000000000400000-0x0000000000547000-memory.dmp, yara_rule: purplefox_rootkit
Gh0st RAT payload 2 IoCs
resource: behavioral2/memory/2052-134-0x0000000010000000-0x000000001019F000-memory.dmp, yara_rule: family_gh0strat
resource: behavioral2/memory/2052-150-0x0000000000400000-0x0000000000547000-memory.dmp, yara_rule: family_gh0strat
resource: behavioral2/memory/2052-133-0x0000000000400000-0x0000000000547000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/2052-150-0x0000000000400000-0x0000000000547000-memory.dmp, yara_rule: upx
Suspicious use of AdjustPrivilegeToken 4 IoCs
description: Token: 33, pid: 2052, Process: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe
description: Token: SeIncBasePriorityPrivilege, pid: 2052, Process: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe
description: Token: 33, pid: 2052, Process: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe
description: Token: SeIncBasePriorityPrivilege, pid: 2052, Process: b9516cc516f720bc593bba359678144a6850f8dd003011cca30e026665a4474b.exe