Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-02-2024 08:14

General

  • Target

    d6c5410b2d9e45c08deaabe2c3e09c65.exe

  • Size

    5.7MB

  • MD5

    d6c5410b2d9e45c08deaabe2c3e09c65

  • SHA1

    e7fd29cf3488283bb7b43a31f965b9849c2d55cf

  • SHA256

    f9e3c1a6284370cd7b6f8cb5a54d4d5f639a6fe0eb6c9a293d350e6505a3df75

  • SHA512

    3f4a0ba92a7509a2d84aac0fc4d2c8d80144ccc090c664276acb85db487585419f268bb3b27652cdb88010d72ef5bdf66bf56fbfbdf6f4b4a2b2569cb2c3f325

  • SSDEEP

    98304:rdl0LfzHWvOWzAWG6JgBhbwvU4yBSlT+5fge0RMpxkp:rAzHWvNAWG6k4U4yBWq5fWMpI

Score
10/10

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6c5410b2d9e45c08deaabe2c3e09c65.exe
    "C:\Users\Admin\AppData\Local\Temp\d6c5410b2d9e45c08deaabe2c3e09c65.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 564
      2⤵
      • Program crash
      PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2484-0-0x0000000073FA0000-0x000000007468E000-memory.dmp

    Filesize

    6.9MB

  • memory/2484-1-0x00000000011D0000-0x000000000177A000-memory.dmp

    Filesize

    5.7MB

  • memory/2484-2-0x0000000005180000-0x00000000051C0000-memory.dmp

    Filesize

    256KB

  • memory/2484-3-0x0000000073FA0000-0x000000007468E000-memory.dmp

    Filesize

    6.9MB