Overview

overview

10

Static

static

3

3da00651de...fb.exe

windows7-x64

10

3da00651de...fb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    171s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3da00651de2aca0449afa220de5979fb.exe

  • Size

    636KB

  • MD5

    3da00651de2aca0449afa220de5979fb

  • SHA1

    26b2f295887722e744b557cc8cf43e86c20f2450

  • SHA256

    30c4f5d3a9bc4ea1c8dd362095d5621bb50403b1a592b83ee3d9c3658bd7a8d1

  • SHA512

    7fecc95338d87dad376ecb6ec5f1a121e3ad1e1a50753c760fb5314713b9d0182f99a07227306ee5e5f592776ec530974de43da74e65abf6ca5509fa92022f0b

  • SSDEEP

    12288:/4mHFQm2BOUamTo4NchWmdi0MgOSP0kIb/WU5Nxk:jWxHamToHW10MbSPuWG

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3da00651de2aca0449afa220de5979fb.exe
    "C:\Users\Admin\AppData\Local\Temp\3da00651de2aca0449afa220de5979fb.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/812-0-0x00000000748F0000-0x00000000750A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/812-1-0x00000000000F0000-0x0000000000196000-memory.dmp

    Filesize

    664KB

    Download

  • memory/812-2-0x00000000748F0000-0x00000000750A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/812-3-0x0000000005230000-0x00000000057D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/812-4-0x0000000000A40000-0x0000000000AD2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/812-5-0x0000000004E30000-0x0000000004E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-6-0x0000000000AF0000-0x0000000000AFA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/812-7-0x0000000004E30000-0x0000000004E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-8-0x0000000006090000-0x00000000060E8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/812-9-0x0000000007870000-0x00000000078DA000-memory.dmp

    Filesize

    424KB

    Download