zgrat | edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca.exe
Size

4.7MB
MD5

7f6150d477d9eaf6f70436491a89dfe3
SHA1

06e90b4416529f7b572a64394ae191c33ba47ce6
SHA256

edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca
SHA512

732c21e5da5ad89f5061c3c7abde6590e4521e82b3d84f7a46a3d5de2c1049892a315ae32425e5cc8f46698e58412ef4e84d48f07955621a2045c5e5791ba9dd
SSDEEP

98304:e+82Cvvk+b+2X7yzuF3PQ6Oy+shbZ24+0TilcsuNmLZcwoteB:V8VvvDR3PtvA4+0TeENwXoteB

Score

10^/10

zgrat rat vmprotect

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/1396-0-0x0000000001320000-0x0000000001AC8000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1396-0-0x0000000001320000-0x0000000001AC8000-memory.dmp	vmprotect

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1396	edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1396	edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca.exe

C:\Users\Admin\AppData\Local\Temp\edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca.exe
"C:\Users\Admin\AppData\Local\Temp\edd0efee31afa02a93fffde9a51640446f9de58ff13a456c4410bee9fc0fe3ca.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-0-0x0000000001320000-0x0000000001AC8000-memory.dmp

Filesize
7.7MB

Download
memory/1396-1-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/1396-2-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-3-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-4-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-5-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-6-0x000000001C390000-0x000000001C646000-memory.dmp

Filesize
2.7MB

Download
memory/1396-8-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/1396-7-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/1396-12-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-11-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-13-0x000000001B5F0000-0x000000001B698000-memory.dmp

Filesize
672KB

Download
memory/1396-22-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-21-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-23-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/1396-25-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-24-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1396-26-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-27-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-28-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-29-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-30-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/1396-31-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-32-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-33-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-34-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download
memory/1396-35-0x000000001BE70000-0x000000001BEF0000-memory.dmp

Filesize
512KB

Download