Overview

overview

10

Static

static

10

PO OAU_MAR...DF.scr

windows7-x64

10

PO OAU_MAR...DF.scr

windows10-2004-x64

10

Analysis

  • max time kernel
    13s
  • max time network
    3s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2024 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO OAU_MARQTRFA00541·PDF.scr

  • Size

    2.2MB

  • MD5

    71f1764ff86578373d0e43ba72624422

  • SHA1

    744455346e589dd9c9ea57a7e487d97be33c1086

  • SHA256

    b0e95c2afd35df5658a658db20cd09e317ef9824953c8a2caa7a3481ccda67cc

  • SHA512

    7f791881c202fa4e428102e15b3bacde9d9f7f65715585c4ae0f79c3c9dcadf44fff7990c65204ff71f8313dae88844ad66b70ebc61d925f1cbd322b04262628

  • SSDEEP

    49152:+0ceU1s2TQNvOAbvtJAntMpSlbSrYGbgN0Jq:zceU1PQdOMfAtMp+b2s

Score
10/10
purelogstealerzgratratstealer

Malware Config

Signatures

  • Detect ZGRat V1 34 IoCs
  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

    stealerpurelogstealer
  • PureLog Stealer payload 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO OAU_MARQTRFA00541·PDF.scr
    "C:\Users\Admin\AppData\Local\Temp\PO OAU_MARQTRFA00541·PDF.scr" /S
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1488-1-0x00000000741D0000-0x00000000748BE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1488-0-0x0000000000070000-0x00000000002AC000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-2-0x0000000004A80000-0x0000000004AC0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1488-3-0x0000000004EE0000-0x0000000005110000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-4-0x0000000005110000-0x0000000005340000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-6-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-5-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-10-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-8-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-12-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-16-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-14-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-22-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-20-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-18-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-26-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-24-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-28-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-34-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-32-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-30-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-68-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-66-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-64-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-62-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-60-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-58-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-56-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-54-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-52-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-50-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-48-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-46-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-44-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-42-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-40-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-38-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1488-36-0x0000000005110000-0x000000000533B000-memory.dmp
    Filesize

    2.2MB

    Download