Analysis

max time kernel:  119s
max time network: 129s
platform:         windows7_x64
resource:         win7-20240221-en
resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted:        25-02-2024 08:14
Behavioral task: behavioral1
Sample:          d6c5410b2d9e45c08deaabe2c3e09c65.exe
Resource:        win7-20240221-en
4 signatures, 150 seconds
General

Target: d6c5410b2d9e45c08deaabe2c3e09c65.exe
Size:   5.7MB
MD5:    d6c5410b2d9e45c08deaabe2c3e09c65
SHA1:   e7fd29cf3488283bb7b43a31f965b9849c2d55cf
SHA256: f9e3c1a6284370cd7b6f8cb5a54d4d5f639a6fe0eb6c9a293d350e6505a3df75
SHA512: 3f4a0ba92a7509a2d84aac0fc4d2c8d80144ccc090c664276acb85db487585419f268bb3b27652cdb88010d72ef5bdf66bf56fbfbdf6f4b4a2b2569cb2c3f325
SSDEEP: 98304:rdl0LfzHWvOWzAWG6JgBhbwvU4yBSlT+5fge0RMpxkp:rAzHWvNAWG6k4U4yBWq5fWMpI
Malware Config
Signatures

Detect ZGRat V1 (1 IoC)
Processes:
  resource                                                                    yara_rule
  behavioral1/memory/2484-1-0x00000000011D0000-0x000000000177A000-memory.dmp  family_zgrat_v1

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3068  2484        WerFault.exe  d6c5410b2d9e45c08deaabe2c3e09c65.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                       pid   process                               target process
  PID 2484 wrote to memory of 3068  2484  d6c5410b2d9e45c08deaabe2c3e09c65.exe  WerFault.exe
  PID 2484 wrote to memory of 3068  2484  d6c5410b2d9e45c08deaabe2c3e09c65.exe  WerFault.exe
  PID 2484 wrote to memory of 3068  2484  d6c5410b2d9e45c08deaabe2c3e09c65.exe  WerFault.exe
  PID 2484 wrote to memory of 3068  2484  d6c5410b2d9e45c08deaabe2c3e09c65.exe  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\d6c5410b2d9e45c08deaabe2c3e09c65.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\d6c5410b2d9e45c08deaabe2c3e09c65.exe"
   PID: 2484
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 564
      PID: 3068
      - Program crash