Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/11/2023, 13:08

General

  • Target

    file.exe

  • Size

    3.3MB

  • MD5

    73bf50ef38ecadff4e120a31ad00c747

  • SHA1

    295d4c63e6e06f332abc9bcd63fdc791a28106f3

  • SHA256

    64cf760478ae702e8157d46821cfdb8fad6ac6bf640b511ca736d7315db70632

  • SHA512

    bd3cd4b759984052a35e37fc5be326f7881eb5258a7e1e8eb73f19e4b6bb620189d81826df5575c7b2e54deaab77c1a0c96989e4e5171aeec5d6b4ef8108cb05

  • SSDEEP

    49152:srtlvkg7SLN0vG1YThBRon856UwdeOJe+x0FkCJY7gmpYRt77M9oRSAS/t0IcZID:sr6VChQV+FYf

Score
10/10

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1764

Network

Downloads

  • memory/1764-0-0x0000000000E70000-0x00000000011B8000-memory.dmp
    Filesize 3.3MB
  • memory/1764-1-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp
    Filesize 9.9MB
  • memory/1764-3-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize 4KB
  • memory/1764-2-0x0000000000AE0000-0x0000000000B60000-memory.dmp
    Filesize 512KB
  • memory/1764-4-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp
    Filesize 9.9MB
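The memory-dump list is easier to reason about once the address ranges are decoded. The Python below is an added example, not part of the sandbox report or its vendor's tooling: it parses the dump file names exactly as listed, recomputes each region's size from the start and end addresses, checks page alignment, flags the region whose size matches the 3.3MB reported for file.exe under General, and spots the range that appears twice (indices 1 and 4). The name pattern `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` is inferred from the five entries above and is an assumption, as is the sandbox's size rounding, which the helper reproduces as whole KB below 1 MiB and one-decimal MB above.

```python
import re

# Dump names copied verbatim from the Downloads list of this report.
DUMP_NAMES = [
    "memory/1764-0-0x0000000000E70000-0x00000000011B8000-memory.dmp",
    "memory/1764-1-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp",
    "memory/1764-3-0x0000000000140000-0x0000000000141000-memory.dmp",
    "memory/1764-2-0x0000000000AE0000-0x0000000000B60000-memory.dmp",
    "memory/1764-4-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp",
]

# Size of file.exe as stated under General; used to spot the dump that is
# the same size as the submitted sample.
REPORTED_FILE_SIZE_MB = 3.3

# Assumed naming scheme: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Decode one dump file name into pid, index and an address range."""
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Assumed report rounding: whole KB below 1 MiB, one-decimal MB above."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def summarise(names, file_size_mb=REPORTED_FILE_SIZE_MB):
    """Return one dict per dump with size, alignment and duplicate-range info."""
    first_seen = {}          # (pid, start, end) -> index of first dump of it
    rows = []
    for name in names:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        d["duplicate_of"] = first_seen.get(key)   # earlier dump of same range
        first_seen.setdefault(key, d["index"])
        d["size_text"] = human_size(d["size"])
        # Regions come from the VM's page tables, so bounds should be 4 KiB aligned.
        d["page_aligned"] = d["start"] % 0x1000 == 0 and d["end"] % 0x1000 == 0
        d["matches_file_size"] = d["size_text"] == f"{file_size_mb:.1f}MB"
        rows.append(d)
    return rows


if __name__ == "__main__":
    for r in summarise(DUMP_NAMES):
        note = " <- same size as file.exe" if r["matches_file_size"] else ""
        dup = f" (re-dump of #{r['duplicate_of']})" if r["duplicate_of"] is not None else ""
        print(f"#{r['index']} pid={r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} "
              f"{r['size_text']:>7}{note}{dup}")
```

Running it shows that the 0x0000000000E70000 region is the same size as the submitted file, which makes it the natural first dump to load into a disassembler or a strings pass, while the 0x000007FEF5CF0000 range (9.9MB) is a separate mapped module that was captured twice; a second dump of the same range later in the run is usually how a sandbox preserves content written or decrypted in place after the first snapshot, so the two copies are worth diffing rather than treating as duplicates.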