zgrat | 5c892da90bd999b35cc59bb05f241ce94aef00a392a87bd44384655a393e686c

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 03:01

Target

791a6e32072b1ba9a04cba08ea2ed6bd.exe
Size

2.4MB
MD5

791a6e32072b1ba9a04cba08ea2ed6bd
SHA1

64c8d9dda10494e48241eea9f27f255df5100746
SHA256

5c892da90bd999b35cc59bb05f241ce94aef00a392a87bd44384655a393e686c
SHA512

ef161b54627e1b68121c9df6b83e1e3c55ca53d5d6f1fe8e03317ecb7fe010f9f49f05020b90894e9433769d497ab65cae55c7702e311e66dc9208187e54aba4
SSDEEP

49152:bAmz4YMLZcVNoBTHsYfCdd2c8ZrVBVyADVvl0ivmmvziEPeoW:kmz4tYoBTHsYfbrbEaeWmmvzikeoW

Score

10^/10

zgrat rat

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/3892-0-0x0000000000D70000-0x0000000000FDA000-memory.dmp	family_zgrat_v1

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2432	3892	WerFault.exe	85
2760	3892	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\791a6e32072b1ba9a04cba08ea2ed6bd.exe
"C:\Users\Admin\AppData\Local\Temp\791a6e32072b1ba9a04cba08ea2ed6bd.exe"
1⤵
PID:3892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 1396
  2⤵
  - Program crash
  PID:2432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 1368
  2⤵
  - Program crash
  PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3892 -ip 3892
1⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3892 -ip 3892
1⤵
PID:3908

memory/3892-0-0x0000000000D70000-0x0000000000FDA000-memory.dmp

Filesize
2.4MB

Download
memory/3892-1-0x0000000075030000-0x00000000757E0000-memory.dmp

Filesize
7.7MB

Download
memory/3892-2-0x0000000005F50000-0x00000000064F4000-memory.dmp

Filesize
5.6MB

Download
memory/3892-3-0x0000000005A40000-0x0000000005AD2000-memory.dmp

Filesize
584KB

Download
memory/3892-4-0x0000000005A20000-0x0000000005A30000-memory.dmp

Filesize
64KB

Download
memory/3892-5-0x0000000005D80000-0x0000000005D8A000-memory.dmp

Filesize
40KB

Download
memory/3892-6-0x0000000009300000-0x0000000009690000-memory.dmp

Filesize
3.6MB

Download
memory/3892-7-0x0000000009690000-0x0000000009770000-memory.dmp

Filesize
896KB

Download
memory/3892-8-0x0000000005F10000-0x0000000005F52000-memory.dmp

Filesize
264KB

Download
memory/3892-9-0x000000000B120000-0x000000000B1BC000-memory.dmp

Filesize
624KB

Download
memory/3892-10-0x0000000075030000-0x00000000757E0000-memory.dmp

Filesize
7.7MB

Download