Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26-04-2024 18:07
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: OwnCheat.exe
  Resource: win7-20240221-en (windows7-x64)
  6 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: OwnCheat.exe
  Resource: win10v2004-20240419-en (windows10-2004-x64)
  7 signatures, 150 seconds
General
Target: OwnCheat.exe
Size: 462KB
MD5: adcf088bea6905d093229562ff62fee0
SHA1: e7b83c9844472d36a9e3eae60622626c51d76ea8
SHA256: 9f52a7ac90fff99eb407a0d377aed95920b7e62b492848e74f11fef5d59c7002
SHA512: 9b9ba4cdcacf0cd26b48a50f2eafec19b5e3e32adc07c4b8d7af3d1bfe836b39c4502bd9e1e616814f1d3adf272fc0421ac2a7e14b65f4a8a15a86db810ee79c
SSDEEP: 12288:xdy0t/5TvlSRKJCyscfmiBYLRY7i4nzqjFdry:T/5jlZxmiYRR4Udr
Score: 10/10
Malware Config
Signatures
Detect ZGRat V1 (1 IoCs)
Processes:
  resource | yara_rule
  behavioral1/memory/2088-0-0x00000000013E0000-0x0000000001458000-memory.dmp | family_zgrat_v1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoCs)
Processes:
  resource | yara_rule
  behavioral1/memory/2088-0-0x00000000013E0000-0x0000000001458000-memory.dmp | family_redline
Program crash (1 IoCs)
Processes: WerFault.exe
  pid | pid_target | process | target process
  2404 | 2088 | WerFault.exe | OwnCheat.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: OwnCheat.exe
  description | pid | process | target process
  PID 2088 wrote to memory of 2404 | 2088 | OwnCheat.exe | WerFault.exe
  PID 2088 wrote to memory of 2404 | 2088 | OwnCheat.exe | WerFault.exe
  PID 2088 wrote to memory of 2404 | 2088 | OwnCheat.exe | WerFault.exe
  PID 2088 wrote to memory of 2404 | 2088 | OwnCheat.exe | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2088-0-0x00000000013E0000-0x0000000001458000-memory.dmp
  Filesize: 480KB