Overview

overview

10

Static

static

10

1296422c04...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-it
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-itlocale:it-itos:windows10-2004-x64systemwindows
  • submitted
    14/01/2024, 20:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1296422c0423eecf97096328bae747e3b978b1460e76929f6cf847718bec2ee2.exe

  • Size

    4.5MB

  • MD5

    18bf6e6d3787e9abb6fb46d2be0a4665

  • SHA1

    edf80c4c66be632948259ea63106ec3b38557cc9

  • SHA256

    1296422c0423eecf97096328bae747e3b978b1460e76929f6cf847718bec2ee2

  • SHA512

    7f6903c8a53e2dbf07b085c3302d7452888bea1b0dcde78366617b721507b7272d6d8147d03a735fd74b01893f6f7e1cfa590c0e6a4555438848e157bf9db7d5

  • SSDEEP

    98304:OW9BS2DnuClYWqVa0SWGrio8PHW+oNg8S5Fz6n:lS2Dnu0aSWG2o8fxg

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1296422c0423eecf97096328bae747e3b978b1460e76929f6cf847718bec2ee2.exe
    "C:\Users\Admin\AppData\Local\Temp\1296422c0423eecf97096328bae747e3b978b1460e76929f6cf847718bec2ee2.exe"
    1⤵
      PID:4168
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 1000
        2⤵
        • Program crash
        PID:1104
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4168 -ip 4168
      1⤵
        PID:892

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/4168-0-0x0000000075020000-0x00000000757D0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/4168-1-0x0000000000F00000-0x0000000001380000-memory.dmp

              Filesize

              4.5MB

              Download

            • memory/4168-2-0x0000000005DD0000-0x0000000005E6C000-memory.dmp

              Filesize

              624KB

              Download

            • memory/4168-3-0x0000000075020000-0x00000000757D0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/4168-4-0x0000000006440000-0x0000000006542000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/4168-5-0x0000000075020000-0x00000000757D0000-memory.dmp

              Filesize

              7.7MB

              Download