zgrat | 99edccbceab0f05ccff7eb0d41e885b53d323bfaadd5da5699173a6aa2673915

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 22:52

Target

CHETO_PC.exe
Size

6.2MB
MD5

3d9b9f001c35769d0c3ff2f112d90a83
SHA1

6a250a74f5f191cd9d801ed3c06331f5373bbaf0
SHA256

84aceac4509de7324667af032799ad33c7afeadaa02fc9ca1cd7ee8e0c1d4531
SHA512

1cdf92019a3563dfef9f864fe85d5a4868e4208e3fba21eb4c654cfecc61b424554505bc004e5cef1a2d3ed4946b179f990411a4ece6602c99f4937b7b4ee795
SSDEEP

98304:KozLwLwrQfcfNeioG5Uy1MY4NS5On3dRdtS85kFXyoMxX1msHGH:KozLuqQfc7oGPKY4NS5ORE8kVy7lbHGH

Score

10^/10

zgrat rat

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/1488-0-0x00000000009E0000-0x000000000100E000-memory.dmp	family_zgrat_v1

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2240	1488	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2240	1488	CHETO_PC.exe	29
PID 1488 wrote to memory of 2240	1488	CHETO_PC.exe	29
PID 1488 wrote to memory of 2240	1488	CHETO_PC.exe	29
PID 1488 wrote to memory of 2240	1488	CHETO_PC.exe	29

C:\Users\Admin\AppData\Local\Temp\CHETO_PC.exe
"C:\Users\Admin\AppData\Local\Temp\CHETO_PC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 564
  2⤵
  - Program crash
  PID:2240

memory/1488-1-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download
memory/1488-0-0x00000000009E0000-0x000000000100E000-memory.dmp

Filesize
6.2MB

Download
memory/1488-2-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download
memory/1488-3-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download
memory/1488-4-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download
memory/1488-5-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download