Analysis
-
max time kernel
151s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
12-10-2023 17:01
General
-
Target
8fb5759faab4bf6004acdb5263f095c250e51ee356630d89a6363b8004fe1fa4.exe
-
Size
1.4MB
-
MD5
f798258386f0177183865f275c0a8909
-
SHA1
2e24276fd41a780b030f01ab7f83abb9101913f4
-
SHA256
8fb5759faab4bf6004acdb5263f095c250e51ee356630d89a6363b8004fe1fa4
-
SHA512
2ca823649267d4e14db05d67cd27faf42a770b931317957b641d2031c544cced3dc2622af9c1baf7efaab3c09dfbbd7e2ac25c1cef2fc3c07ad15f286d1a51b2
-
SSDEEP
24576:sOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbH:sOWFJbtSMXoTLq73xK
Score
10/10
Malware Config
Signatures
-
Detect PurpleFox Rootkit 1 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8fb5759faab4bf6004acdb5263f095c250e51ee356630d89a6363b8004fe1fa4.exe"C:\Users\Admin\AppData\Local\Temp\8fb5759faab4bf6004acdb5263f095c250e51ee356630d89a6363b8004fe1fa4.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB