Overview

overview

10

Static

static

10

KNKCHEATS.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    15s
  • max time network
    20s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-01-2024 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KNKCHEATS.exe

  • Size

    2.4MB

  • MD5

    d3540234c7fb3fa5325d67adec05b992

  • SHA1

    98428139696fef016bae199817aa0265f442e036

  • SHA256

    0bdb04c0fd89802d82152d62f9238d1199e3ba0a89be49d7a3ec78a2191911b0

  • SHA512

    e936faf4c1557ef7d16559439f7ad598e4e2369828ddc5284a04c0456fcc21ae98ab6b1efb91a4a61bd4e50e65490970a6272b4ca67498a3a3db4bcea49a25bc

  • SSDEEP

    49152:Q1G7KhsWA4Yi9KvKPuYYrkplU47tTnCwfPSBEaKmJ:QgKhRYPv8xWkpu47t7CwyH

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KNKCHEATS.exe
    "C:\Users\Admin\AppData\Local\Temp\KNKCHEATS.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4264-0-0x0000025BFBCC0000-0x0000025BFBF26000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4264-1-0x00007FFDE7DE0000-0x00007FFDE87CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4264-2-0x0000025BFDC70000-0x0000025BFDC80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4264-3-0x00007FFDE7DE0000-0x00007FFDE87CC000-memory.dmp

    Filesize

    9.9MB

    Download