Overview

overview

10

Static

static

10

ALL.ps1

windows7-x64

8

ALL.ps1

windows10-2004-x64

8

ALL_2542.vbs

windows7-x64

1

ALL_2542.vbs

windows10-2004-x64

1

ALL_LLLLLL...90.vbs

windows7-x64

1

ALL_LLLLLL...90.vbs

windows10-2004-x64

1

ALL_jjnb.vbs

windows7-x64

1

ALL_jjnb.vbs

windows10-2004-x64

1

ALL_kkkkkk...kk.vbs

windows7-x64

1

ALL_kkkkkk...kk.vbs

windows10-2004-x64

1

ALL_steale...89.vbs

windows7-x64

1

ALL_steale...89.vbs

windows10-2004-x64

1

Server.ps1

windows7-x64

10

Server.ps1

windows10-2004-x64

10

Server_1faa.ps1

windows7-x64

1

Server_1faa.ps1

windows10-2004-x64

10

Server_77251.ps1

windows7-x64

1

Server_77251.ps1

windows10-2004-x64

10

Server_LLL...78.ps1

windows7-x64

1

Server_LLL...78.ps1

windows10-2004-x64

10

Server_asnn.ps1

windows7-x64

1

Server_asnn.ps1

windows10-2004-x64

10

Server_lkmm.ps1

windows7-x64

1

Server_lkmm.ps1

windows10-2004-x64

10

Server_lol123.ps1

windows7-x64

1

Server_lol123.ps1

windows10-2004-x64

10

Server_lol_123.ps1

windows7-x64

1

Server_lol_123.ps1

windows10-2004-x64

10

Server_lol...80.ps1

windows7-x64

1

Server_lol...80.ps1

windows10-2004-x64

10

Server_ste...67.ps1

windows7-x64

1

Server_ste...67.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Server.ps1

  • Size

    1.6MB

  • MD5

    b5795726bb04f5f9584184ae1f50777b

  • SHA1

    91b250e76c41066a009b70200c5254a40980228b

  • SHA256

    5d9ba7ab51a7d06ad420cb23f7c1e02b911fe2e25d7af1eebe25d1690231d784

  • SHA512

    10ba2e523af4ccdf3e1e0867aa4d50a58919f5d39073bac17a8ab491f5ce09bcbda0730b9485a503adccfa323642b19e29879a0ad88f609d683080b668ef95fb

  • SSDEEP

    6144:Bc4OfuoxyrvHyRmUVWZatYgOXqrDSArJFDN:xpul

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Server.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2872-4-0x000000001B680000-0x000000001B962000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/2872-6-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2872-5-0x00000000027F0000-0x00000000027F8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2872-7-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-8-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2872-9-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-10-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-11-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-12-0x0000000002BE0000-0x0000000002BFE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2872-13-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2872-14-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-15-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2872-16-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-17-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2872-18-0x0000000002CA0000-0x0000000002D20000-memory.dmp
    Filesize

    512KB

    Download