Overview

overview

10

Static

static

3

a64609feb0...ba.exe

windows7-x64

10

a64609feb0...ba.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2024 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a64609feb0d9955ae617f71141225cba.exe

  • Size

    818KB

  • MD5

    a64609feb0d9955ae617f71141225cba

  • SHA1

    b4a16cda26aad808b1206b683ebce9ec82005a07

  • SHA256

    5dabf8a97f60ebb9c51e86fc57888989511adf92cfb478c9f7a85cb152c232b2

  • SHA512

    471c68d7a9789e35255cb09dd4a407642bf655d5543d2991ff4ae8721ec97495907f71bb3fc7692368984246b372ab7ee4a5ba12304e3c259959301a3e60141a

  • SSDEEP

    12288:KfZFuKzFV3ahKIQGraTQBBZepucskf1GcdB1U03Fl89dHu:Ug63ahdqa7Qf1G4U03G0

Score
10/10
zgratpersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
    "C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
      C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
      2⤵
        PID:2372
      • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
        C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
        2⤵
          PID:2444
        • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
          C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
          2⤵
            PID:2592
          • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
            C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
            2⤵
              PID:1528
            • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
              C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
              2⤵
                PID:552
              • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                2⤵
                  PID:388
                • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                  C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                  2⤵
                    PID:1156
                  • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                    C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                    2⤵
                      PID:860
                    • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                      C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                      2⤵
                        PID:1932
                      • C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                        C:\Users\Admin\AppData\Local\Temp\a64609feb0d9955ae617f71141225cba.exe
                        2⤵
                          PID:2328

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/2144-0-0x0000000000330000-0x0000000000402000-memory.dmp

                        Filesize

                        840KB

                        Download

                      • memory/2144-1-0x0000000073F40000-0x000000007462E000-memory.dmp

                        Filesize

                        6.9MB

                        Download

                      • memory/2144-2-0x00000000020A0000-0x00000000020E0000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/2144-3-0x0000000073F40000-0x000000007462E000-memory.dmp

                        Filesize

                        6.9MB

                        Download

                      • memory/2144-4-0x00000000020A0000-0x00000000020E0000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/2144-5-0x00000000020A0000-0x00000000020E0000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/2144-6-0x0000000005EA0000-0x0000000005F46000-memory.dmp

                        Filesize

                        664KB

                        Download

                      • memory/2144-7-0x0000000008150000-0x00000000081BC000-memory.dmp

                        Filesize

                        432KB

                        Download

                      • memory/2144-8-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-9-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-11-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-13-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-15-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-17-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-19-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-21-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-23-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-25-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-27-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-31-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-33-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-35-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-37-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-29-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-39-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-41-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-43-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-45-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-47-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-49-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-51-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-55-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-53-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-57-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-59-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-61-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-63-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-65-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-67-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-69-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-71-0x0000000008150000-0x00000000081B6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/2144-2098-0x00000000020A0000-0x00000000020E0000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/2144-2100-0x0000000073F40000-0x000000007462E000-memory.dmp

                        Filesize

                        6.9MB

                        Download