Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    11s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2023 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    6.0MB

  • MD5

    f97a48d0cfab988ccaf60bcd62963c9d

  • SHA1

    a36f7164ebf8df8a4a71aa6d026a2d94f1e8fdac

  • SHA256

    b51a27a89709598d5a20b537d861c3e5e818ff72dbaed5426062ddaa1c266eb9

  • SHA512

    f70222efcb041345e9af496cf3b866737ed787c111cbdb3474973b5c7c9652db6c55093fd5c7bcf600512196fa29e08cefe185469fa4b189db237cead325b4e8

  • SSDEEP

    98304:BaJUJzze8IZfkx9KWqBDeRTsnBF75riKIJWsHGRoy6Qn3g64UFkcSJNsPGw7Wb/7:2U1GZfe7RTsBF75OKjs+oPTpUC+Gwqbj

Score
10/10
purelogszgratpersistenceratstealer

Malware Config

Signatures

  • Detect PureLogs payload 1 IoCs
  • Detect ZGRat V1 33 IoCs
  • PureLogs

    PureLogs is an infostealer written in C#.

    stealerpurelogs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Users\Admin\AppData\Local\Temp\tmp.exe
      C:\Users\Admin\AppData\Local\Temp\tmp.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3976
    • C:\Users\Admin\AppData\Local\Temp\tmp.exe
      C:\Users\Admin\AppData\Local\Temp\tmp.exe
      2⤵
        PID:2064
      • C:\Users\Admin\AppData\Local\Temp\tmp.exe
        C:\Users\Admin\AppData\Local\Temp\tmp.exe
        2⤵
          PID:1636

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tmp.exe.log
        Filesize

        927B

        MD5

        4a911455784f74e368a4c2c7876d76f4

        SHA1

        a1700a0849ffb4f26671eb76da2489946b821c34

        SHA256

        264098e15b5b33d425f3b76e45b7976b58f917048125041135f7e60d8151108c

        SHA512

        4617591400409e1930195795a55e20d5f063042bb3e9fd1955099066e507b6ac8a1e3ae54cc42418e2639149b31bf7e58cd5743670d9030a15e29f14d813815d

        Download Submit

      • memory/3976-44-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-72-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-6072-0x0000000074710000-0x0000000074EC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3976-6071-0x00000000055F0000-0x0000000005656000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3976-64-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-66-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-70-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-74-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-14-0x0000000005440000-0x0000000005514000-memory.dmp

        Filesize

        848KB

        Download

      • memory/3976-13-0x0000000005570000-0x0000000005580000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3976-76-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-78-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-10-0x0000000000400000-0x000000000046E000-memory.dmp

        Filesize

        440KB

        Download

      • memory/3976-16-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-34-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-26-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-24-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-28-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-36-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-40-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-42-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-38-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-20-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-68-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-48-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-58-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-62-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-60-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-56-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-54-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-52-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-50-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-46-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-32-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-30-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-22-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3976-18-0x0000000074710000-0x0000000074EC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3976-17-0x0000000005440000-0x000000000550E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3996-2-0x0000000005050000-0x0000000005060000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3996-0-0x0000000000500000-0x0000000000604000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/3996-15-0x0000000074710000-0x0000000074EC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3996-8-0x0000000005880000-0x0000000005E24000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3996-1-0x0000000074710000-0x0000000074EC0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3996-7-0x0000000005230000-0x000000000527C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3996-6-0x00000000051A0000-0x0000000005232000-memory.dmp

        Filesize

        584KB

        Download

      • memory/3996-5-0x0000000005110000-0x00000000051A4000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3996-4-0x0000000005060000-0x000000000510C000-memory.dmp

        Filesize

        688KB

        Download

      • memory/3996-3-0x0000000004F50000-0x0000000004FFC000-memory.dmp

        Filesize

        688KB

        Download