Analysis
-
max time kernel
154s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20230824-en -
resource tags
-
submitted
26/08/2023, 13:42
General
-
Target
acd2373c56523db76e39f0fef2127fd4970fe87efa5bfa565077a3c0c7e0e470.exe
-
Size
1.3MB
-
MD5
ef9234ef604974d53c9376af13dd59d0
-
SHA1
9bd3a278443d17657f347dde6741ba1d94e1d0d6
-
SHA256
acd2373c56523db76e39f0fef2127fd4970fe87efa5bfa565077a3c0c7e0e470
-
SHA512
c9362e75764f3b26b7f3c9687fa3bb59b209aec042436ea8579b7abe885b1cfbc61195c77c7b1ab0797968f6572e5117543345a71fb361d7c14172069b767b8e
-
SSDEEP
24576:9OyHutimZ9VSly2hVvHW6qMnSbTBBhBMN3Fyzhyz:wHPkVOBTK
Score
10/10
Malware Config
Signatures
-
Detect PurpleFox Rootkit 1 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\acd2373c56523db76e39f0fef2127fd4970fe87efa5bfa565077a3c0c7e0e470.exe"C:\Users\Admin\AppData\Local\Temp\acd2373c56523db76e39f0fef2127fd4970fe87efa5bfa565077a3c0c7e0e470.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB