Overview

overview

10

Static

static

10

7bae42064e...74.exe

windows7-x64

10

7bae42064e...74.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bae42064e90876fa11196bc204e5574.exe

  • Size

    138KB

  • MD5

    7bae42064e90876fa11196bc204e5574

  • SHA1

    379552396e31c91289a3a3ab9fcfc986b9ee02fa

  • SHA256

    75663081d185025938ac1882d493f7ceca553aeaf020b0a7b76d19b5a5d1f186

  • SHA512

    de029a8828184d62260697c30741c2915d7d00dff8970530423bdb3017a05e594112b49e1d444e19214e4711aa2f138fbf3a08d64e22649ae7446a50bd0662d8

  • SSDEEP

    3072:AUqPeqovH7Wbwx0uPneIxypSmOePK4Nk7rybZuwY1Z:AUaeqoiGeIxQrKgQGZuwY

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bae42064e90876fa11196bc204e5574.exe
    "C:\Users\Admin\AppData\Local\Temp\7bae42064e90876fa11196bc204e5574.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3100
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\2603300.dll
    Filesize

    105KB

    MD5

    416177d74aab0469963377b02cdbb49c

    SHA1

    19398899b3e97194d4ef59f531758b7970bc9f82

    SHA256

    baff8f04977f0511ccfb0336622298aced89c8987acade9b985f69b2c17de91e

    SHA512

    316a58b320631fbcac7ce2055ce996e58653a7edc0e199f9be5268349619df4cacdec0bbf3360ba17ed996fce62d52d3ffc45e850befb117e2439ca94c4af069

    Download Submit

  • \??\c:\windows\filename.jpg
    Filesize

    4.4MB

    MD5

    8037d6c5e4f92de4c8f86c8bc764daf8

    SHA1

    43011f2d0ac893703c1d3b79ca03ba4af4355fad

    SHA256

    858034d77d77f45d2242dba93a4edd07fb09c48cf80f5f4b3ba605c10093b5da

    SHA512

    837c72dc47e90dea583895145cd2e6cdb03f73e4004916c1edc406f0f6630253332efcdc58a6469dc992d0095da8818a95d150bb80c851e0e2cfd7e50884c9d2

    Download Submit