Analysis

max time kernel: 149s
max time network: 154s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 05-03-2024 05:46
Behavioral task behavioral1
Sample: b3f053c1c01d2a8837f7fe4326229a45.exe
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: b3f053c1c01d2a8837f7fe4326229a45.exe
Resource: win10v2004-20240226-en
General

Target: b3f053c1c01d2a8837f7fe4326229a45.exe
Size: 124KB
MD5: b3f053c1c01d2a8837f7fe4326229a45
SHA1: 860c6db177cc9946455a1c315d2aa69f57fa58a9
SHA256: 5c3aa56e0b423b3e51d4021593b62a98b0df597b7d023311466a37caad3de13d
SHA512: 9fc9cb23d35d27e73ecc5e60285a84a6a41a1730bda9e0c2b9cabf9579bbf274035317155503d9d3c724b6c5e88acf3d31ac7d367faeebdb34a025c703570e33
SSDEEP: 3072:fn8vyFwFD6HDIgRAD+rG8RsaESUjx/kKYjzr:fn86FjHm4G0JGjxstjH
Malware Config
Signatures

Gh0st RAT payload (2 IoCs)
  resource: behavioral1/memory/1784-0-0x0000000000400000-0x0000000000421000-memory.dmp; yara_rule: family_gh0strat
  resource: behavioral1/files/0x000b000000012241-2.dat; yara_rule: family_gh0strat

Sets DLL path for service in the registry (2 TTPs, 1 IoCs)
  description: Set value (str); ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Microsoft MR\Parameters\ServiceDll = "C:\\Windows\\system32\\Service.dll"; process: b3f053c1c01d2a8837f7fe4326229a45.exe

Deletes itself (1 IoCs)
  pid: 2200; process: svchost.exe

Loads dropped DLL (1 IoCs)
  pid: 2200; process: svchost.exe

Drops file in System32 directory (1 IoCs)
  description: File created; ioc: C:\Windows\SysWOW64\Service.dll; process: b3f053c1c01d2a8837f7fe4326229a45.exe
Processes

C:\Users\Admin\AppData\Local\Temp\b3f053c1c01d2a8837f7fe4326229a45.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b3f053c1c01d2a8837f7fe4326229a45.exe"
  PID: 1784
  - Sets DLL path for service in the registry
  - Drops file in System32 directory

C:\Windows\SysWOW64\svchost.exe
  command line: C:\Windows\SysWOW64\svchost.exe -k netsvcs
  PID: 2200
  - Deletes itself
  - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 117KB
MD5: 0101d0958b571bd8f6d661b23919f637
SHA1: c37af878d385e05b507a60c012fb2c85e46f7c5c
SHA256: b231ee3bbd620f6595232b370599981d977adf6b67ce2ee7333a743094610c38
SHA512: 6c8e98204ca9ce9d8ab314ccbb49f0ea5fc1c80f90ee286754f54769915bdbf458fdbc29b7534e1df4c8d51810b2f829c02dea133249ae53dd97d535c7c4bf71