Overview

overview

10

Static

static

3

QUOTATION_...DF.scr

windows7-x64

10

QUOTATION_...DF.scr

windows10-2004-x64

10

Analysis

  • max time kernel
    36s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QUOTATION_MARQTRA031244·PDF.scr

  • Size

    2.8MB

  • MD5

    2dbfe9bcbfabc3bff58b533c3476bafd

  • SHA1

    dc5203b898c5c376c05ac6c42af1a0051077f268

  • SHA256

    5b18cfc544be536be80a503accd17e1ac815ead94a702b83398aed17cf8223f6

  • SHA512

    0c96c6824c51556f50a416fbd0d26f51bcf369b6af56c8043dcdbfc27224f6b1cda82b3bce9fdcdf306b3afb34c77958c81e4bc2592bff33147ece1ba70f97d9

  • SSDEEP

    49152:y7/SxvrzAN7LzMe0Uf9r/7p84b0osRYPDEjqPz3QETw70UBKnEEbdxm84:dqLbDf9r/7p84AFaEjqPrQET+rEbbL

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QUOTATION_MARQTRA031244·PDF.scr
    "C:\Users\Admin\AppData\Local\Temp\QUOTATION_MARQTRA031244·PDF.scr" /S
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2880-0-0x0000000000F90000-0x0000000001268000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/2880-1-0x0000000074470000-0x0000000074B5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2880-2-0x0000000004A60000-0x0000000004C90000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-3-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-4-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-6-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-8-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-10-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-12-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-14-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-16-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-18-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-20-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-22-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-24-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-26-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-28-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-30-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-32-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-34-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-36-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-38-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-40-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-42-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-44-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-46-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-48-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-50-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-52-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-54-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-56-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-58-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-60-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-62-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-64-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-66-0x0000000004A60000-0x0000000004C8A000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2880-4883-0x0000000004A20000-0x0000000004A60000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2880-4884-0x00000000004D0000-0x00000000004D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2880-4885-0x0000000004940000-0x00000000049AC000-memory.dmp
    Filesize

    432KB

    Download
  • memory/2880-4886-0x0000000000C00000-0x0000000000C4C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/2880-4887-0x0000000074470000-0x0000000074B5E000-memory.dmp
    Filesize

    6.9MB

    Download