Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-03-2024 15:32
General
-
Target
d13bb43ed0d785b7026cbfd743123568.exe
-
Size
826KB
-
MD5
d13bb43ed0d785b7026cbfd743123568
-
SHA1
77921fd7d2a82f9d42a44fee2df3dfd7e1c459f6
-
SHA256
4accc75edd57e5a6e939f1c122ad24949c1305ce70d9796fd57b8d3028f4a8da
-
SHA512
1b1015aed280490ef537297bc093ede2dc32c3f1a66edd713835c047bde10c810d3e75b59f196104d9ac88cb6a1a6b971caa17e91189bb8fe56f46bc10003837
-
SSDEEP
12288:Zu5JfleohV9oasH4EIKGZeBAuUyf1aAjBHwYDxt1YHsH:Zu5Jt5o3H4EIKyDmf1a6wYDjKs
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V1 34 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Deletes itself 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 44 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe"C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Sleep -s 5; Remove-Item -Path "C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe" -Force2⤵
- Deletes itself
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exeC:\Users\Admin\AppData\Local\Temp\d13bb43ed0d785b7026cbfd743123568.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
672KB
-
Filesize
472KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
848KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
6.9MB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
5.7MB