Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
22-04-2024 04:50
Static task
static1
Behavioral task
behavioral1
Sample
MOD.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
MOD.exe
-
Size
435KB
-
MD5
39f127b2722cfd35f5102cad5c3528ba
-
SHA1
5f27952052884953907e6a3b806f5b7f055261dd
-
SHA256
1fad6fe833e520abed8b1937ed2598091545cd8b388188ba3e702c1da0401813
-
SHA512
39fd2e250078cae9be975b9074b3f8eaff331e9682f73aacbf0950d4a7bb55a0c984c1d9d03710e3852b2a0a0c917a769f30871f9fc89df53d95d4c76b834ad6
-
SSDEEP
12288:/r7219cp5VgRdztHiyX9Aa7Cv3FM4pIdW3pArpX:+gpPiDX9yVCdN1X
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2888-0-0x0000000000D40000-0x0000000000DAE000-memory.dmp family_zgrat_v1 -
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2888-0-0x0000000000D40000-0x0000000000DAE000-memory.dmp family_redline -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3032 2888 WerFault.exe MOD.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
MOD.exedescription pid process target process PID 2888 wrote to memory of 3032 2888 MOD.exe WerFault.exe PID 2888 wrote to memory of 3032 2888 MOD.exe WerFault.exe PID 2888 wrote to memory of 3032 2888 MOD.exe WerFault.exe PID 2888 wrote to memory of 3032 2888 MOD.exe WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2888-0-0x0000000000D40000-0x0000000000DAE000-memory.dmpFilesize
440KB