Analysis
max time kernel: 141s
max time network: 147s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
submitted: 23/08/2023, 00:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
Resource
win7-20230712-en
5 signatures
150 seconds
General
Target: 8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
Size: 1.3MB
MD5: 96be3ebe2c4b73353c1c9c8aed79ed4f
SHA1: 5c78e7e465c42a0e5e9f74f25e537cf6152e751b
SHA256: 8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256
SHA512: 66a28d0e83f772ed619488768324f36e8def332ba951071bc2797cd80352090aa2bfa4bff3bef9dc7d639292e041294848683c48333a93cbae603fa508a181fe
SSDEEP: 24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNq:QHPkVOBTK
Malware Config
Signatures
resource: behavioral1/memory/1196-54-0x0000000010000000-0x000000001019F000-memory.dmp  yara_rule: purplefox_rootkit
Gh0st RAT payload 1 IoCs
resource: behavioral1/memory/1196-54-0x0000000010000000-0x000000001019F000-memory.dmp  yara_rule: family_gh0strat
Suspicious use of AdjustPrivilegeToken 4 IoCs
description                         pid   Process
Token: 33                           1196  8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
Token: SeIncBasePriorityPrivilege   1196  8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
Token: 33                           1196  8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
Token: SeIncBasePriorityPrivilege   1196  8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe
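As an added example (not part of the report and not the sandbox's own tooling), the Python below parses the two kinds of rows listed under Signatures: the memory-dump resource names behind the YARA hits, and the AdjustPrivilegeToken IoC rows. It assumes the dump name has the shape <pid>-<seq>-<start>-<end>-memory.dmp, with <seq> read as a dump sequence number (an interpretation; the page does not document the field), and that a privilege printed as a bare number such as "Token: 33" is a well-known Windows privilege LUID left unresolved by the report (winnt.h SE_*_PRIVILEGE values; 33 is SeIncreaseWorkingSetPrivilege). The sample inputs are constructed from the rows above.

```python
import re
from collections import defaultdict

SAMPLE = "8986dead4f55f3973cde891220d71e1d5682808437d575ef3ff3f08b2aad3256.exe"

# Constructed from the two YARA hits in the report.
YARA_HITS = [
    ("behavioral1/memory/1196-54-0x0000000010000000-0x000000001019F000-memory.dmp",
     "purplefox_rootkit"),
    ("behavioral1/memory/1196-54-0x0000000010000000-0x000000001019F000-memory.dmp",
     "family_gh0strat"),
]

# Constructed from the four AdjustPrivilegeToken IoC rows in the report.
TOKEN_ROWS = [
    ("Token: 33", 1196, SAMPLE),
    ("Token: SeIncBasePriorityPrivilege", 1196, SAMPLE),
    ("Token: 33", 1196, SAMPLE),
    ("Token: SeIncBasePriorityPrivilege", 1196, SAMPLE),
]

# Well-known privilege LUIDs from winnt.h (SE_*_PRIVILEGE constants); a subset.
PRIVILEGE_LUIDS = {
    9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege",
    14: "SeIncreaseBasePriorityPrivilege",
    17: "SeBackupPrivilege",
    18: "SeRestorePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    29: "SeImpersonatePrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges that gate driver loading, cross-process memory access or ACL
# bypass; enabling one of these in a dropper deserves a closer look.
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTakeOwnershipPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeImpersonatePrivilege",
}

# Assumed layout: <pid>-<seq>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"(?:^|/)(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)-"
    r"(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(resource):
    """Split a memory-dump resource name into pid, seq, start, end and size."""
    m = DUMP_RE.search(resource)
    if not m:
        raise ValueError("not a memory dump resource: %r" % resource)
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "seq": int(m.group("seq")),
            "start": start, "end": end, "size": end - start}


def rules_per_region(hits):
    """Group YARA rule names by the (pid, start, end) region they matched,
    so several family rules firing on one payload are visible at a glance."""
    regions = defaultdict(set)
    for resource, rule in hits:
        d = parse_dump_name(resource)
        regions[(d["pid"], d["start"], d["end"])].add(rule)
    return {k: sorted(v) for k, v in regions.items()}


def resolve_privilege(description):
    """Map a 'Token: <name-or-LUID>' cell to a privilege name. A bare number
    is looked up as a well-known LUID; unknown numbers are kept as LUID:<n>."""
    value = description.split(":", 1)[1].strip()
    if value.isdigit():
        return PRIVILEGE_LUIDS.get(int(value), "LUID:%s" % value)
    return value


def privileges_per_pid(rows):
    """Deduplicate the IoC rows into {pid: sorted privilege names}."""
    per_pid = defaultdict(set)
    for description, pid, _process in rows:
        per_pid[pid].add(resolve_privilege(description))
    return {pid: sorted(names) for pid, names in per_pid.items()}


def high_impact_privileges(rows):
    """Per pid, the enabled privileges that are in HIGH_IMPACT (may be empty)."""
    return {pid: sorted(set(names) & HIGH_IMPACT)
            for pid, names in privileges_per_pid(rows).items()}


if __name__ == "__main__":
    for (pid, start, end), rules in rules_per_region(YARA_HITS).items():
        print("pid %d region 0x%08X-0x%08X (0x%X bytes): %s"
              % (pid, start, end, end - start, ", ".join(rules)))
    for pid, names in privileges_per_pid(TOKEN_ROWS).items():
        print("pid %d enabled: %s" % (pid, ", ".join(names)))
        print("pid %d high impact: %s"
              % (pid, ", ".join(high_impact_privileges(TOKEN_ROWS)[pid]) or "none"))
```

Run against the rows above, this shows that both rules hit the same 0x19F000-byte region in pid 1196, i.e. one in-memory payload matched both purplefox_rootkit and family_gh0strat, and that the two privileges the process enabled (working-set and base-priority) are not in the high-impact set, so this AdjustPrivilegeToken signature is context rather than evidence of driver loading or debug access on its own.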