resource	yara_rule
behavioral1/memory/3064-71-0x0000020828E20000-0x000002082C654000-memory.dmp	family_zgrat_v1
behavioral1/memory/3064-72-0x0000020849540000-0x000002084964A000-memory.dmp	family_zgrat_v1
behavioral1/memory/3064-76-0x000002082E440000-0x000002082E464000-memory.dmp	family_zgrat_v1

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	uic.1.exe

description	ioc	Process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	uic.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	uic.1.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	uic.1.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	uic.0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	uic.0.exe

pid	Process
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
3064	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
1652	uic.0.exe
1652	uic.0.exe

pid	Process
2488	uic.1.exe
2488	uic.1.exe
2488	uic.1.exe
2488	uic.1.exe
2488	uic.1.exe
2488	uic.1.exe
2488	uic.1.exe

description	pid	Process	procid_target
PID 660 wrote to memory of 1652	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	96
PID 660 wrote to memory of 1652	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	96
PID 660 wrote to memory of 1652	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	96
PID 660 wrote to memory of 2488	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	98
PID 660 wrote to memory of 2488	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	98
PID 660 wrote to memory of 2488	660	c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0.exe	98
PID 2488 wrote to memory of 3064	2488	uic.1.exe	106
PID 2488 wrote to memory of 3064	2488	uic.1.exe	106

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.