Overview

overview

10

Static

static

1

cp.exe

windows7-x64

1

cp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2024 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cp.exe

  • Size

    115KB

  • MD5

    adc187b1e5a6b66ca28fd3be5f6790cc

  • SHA1

    ce467cb5d6275cd8289847c77ed9ebaee1c04a89

  • SHA256

    c4e838a74e5baf5dbd86beedff96c1c9353b49ecf2ad362f47a4b134453701ab

  • SHA512

    9f5d187c585a7344375ef5f239d4d10461c3fd5bf6b411e7e85edd8ead1f2994f41e4c62587425de480d05b7ddac7bd4cdd0754e382fcdfeac2f59c8c14105d9

  • SSDEEP

    3072:93gZUdrIQe1ZuWX6gKINkdPbxLaOnwocubCIj57CI7:H+QyubhdEon57v

Score
10/10
zgratpersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cp.exe
    "C:\Users\Admin\AppData\Local\Temp\cp.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/760-4897-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/760-4899-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/760-4901-0x0000000003180000-0x0000000003190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/760-4926-0x0000000007490000-0x000000000749A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/760-4927-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/760-4928-0x0000000003180000-0x0000000003190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-34-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-40-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-3-0x00000000055C0000-0x00000000055C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2444-4-0x00000000072F0000-0x0000000007510000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-5-0x0000000007AC0000-0x0000000008064000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2444-6-0x00000000075F0000-0x0000000007682000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2444-7-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-8-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-10-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-12-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-14-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-16-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-18-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-20-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-22-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-24-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-26-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-28-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-30-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-32-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-1-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2444-36-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-38-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-2-0x00000000057B0000-0x00000000057C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-42-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-44-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-46-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-48-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-50-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-52-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-54-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-56-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-58-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-60-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-62-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-64-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-66-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-68-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-70-0x00000000072F0000-0x0000000007509000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2444-2031-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2444-2292-0x00000000057B0000-0x00000000057C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-4889-0x0000000002F40000-0x0000000002F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-0-0x0000000000CB0000-0x0000000000CCE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2444-4890-0x0000000007690000-0x00000000076EC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2444-4891-0x0000000007710000-0x000000000775C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2444-4892-0x0000000077C21000-0x0000000077D41000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2444-4893-0x00000000011D0000-0x0000000001224000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2444-4898-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download