Overview

overview

10

Static

static

3

noncrypted...ub.exe

windows7-x64

10

noncrypted...ub.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    noncryptedmainstub.exe

  • Size

    632KB

  • MD5

    9eab8c5d7b1f4659a787cc77d571f03b

  • SHA1

    27ce5d456d44b2d0ce994b14b11e8c5ffeabf385

  • SHA256

    1254ede011ea7c8ba1658bab1c14877d1a2dc85f8b4e2d04be6c5fc65f1c32b8

  • SHA512

    1fcfa030dac1c6fb573c614c1564e663086b518fa376ce3bbf90da6b1ecc8d065f91c90d6f6efea23c27efce720b90847869d0eef84ce4939fb1f43d7d0eafd9

  • SSDEEP

    12288:waOcj6gjLcJD/VF3AlAp2jLre/i6g578+3NruqK1lMdMD6QVCh5Iy5C:wuHj4JzQlq2j2/iJ78KNzK1lMCGGCR

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\noncryptedmainstub.exe
    "C:\Users\Admin\AppData\Local\Temp\noncryptedmainstub.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2392-0-0x000000013FDF0000-0x000000013FE92000-memory.dmp
    Filesize

    648KB

    Download
  • memory/2392-1-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2392-2-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-3-0x000000001B7C0000-0x000000001B8C2000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2392-4-0x000000001B220000-0x000000001B276000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2392-5-0x00000000020C0000-0x000000000210C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/2392-6-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-7-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-8-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-9-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2392-10-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-11-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-12-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2392-13-0x000000001B990000-0x000000001BA10000-memory.dmp
    Filesize

    512KB

    Download