Overview

overview

10

Static

static

10

iplookup.exe

windows7-x64

10

iplookup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    73s
  • max time network
    74s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    iplookup.exe

  • Size

    2.1MB

  • MD5

    cb4903c1c4f23b021905da634c002f04

  • SHA1

    c2ccf3a1e5037c6e540b94a59e2c367ba8cd9090

  • SHA256

    49945b5eb3f80e6bb9dba81c6c6f643245bb0831ce2f6e5abf4db12ab6709b76

  • SHA512

    7f632331ba7f2fdd3c76f7f158a1cd6e79be796f2dc9f9149b7a071bb77b35fc4f0c6f189a8179eaf4947533513a3f926c879c50c8cf6cb13abdd424113f48fa

  • SSDEEP

    49152:PFkR/VWoA1QfIBoq2Pkbu5Gk6hQW/3f2V1mPzidqz/CIaB2w:NkR/VMCGvj/vYkP9aB

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\iplookup.exe
    "C:\Users\Admin\AppData\Local\Temp\iplookup.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3124-0-0x000000007451E000-0x000000007451F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3124-1-0x0000000000330000-0x000000000054E000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3124-2-0x00000000056E0000-0x0000000005C84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3124-3-0x0000000004FB0000-0x0000000005042000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3124-4-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3124-5-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3124-6-0x00000000053E0000-0x00000000053EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3124-7-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3124-8-0x000000007451E000-0x000000007451F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3124-9-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3124-10-0x00000000093C0000-0x00000000093E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3124-11-0x00000000093F0000-0x0000000009744000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3124-12-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3124-14-0x0000000074510000-0x0000000074CC0000-memory.dmp

    Filesize

    7.7MB

    Download