Overview

overview

10

Static

static

3

2dafed2d89...18.exe

windows7-x64

10

2dafed2d89...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe

  • Size

    743KB

  • MD5

    2dafed2d8919d3f2081327eed37b28e6

  • SHA1

    635290d8a7a9c522045b7cdbad14c9c228f36523

  • SHA256

    6a0712ac14ace1977933ffcfa1ed35283aea2c6cf78161a78d25f84d90f9c816

  • SHA512

    307becd9679ee76175a7ad8e7ba4ab1609a4dc9912c6a8fe563f665fb92f2e69f7301896d8762fa588144b41e6e5111950d435709259b3f2a1511c204e6f114f

  • SSDEEP

    12288:Y9twMz8CcvDNqBTdilufZnEM8A5Nm2INpE3q9EDWQr/Xq+3aaqyi3f:qnI5qKlu+Mjg2sE3qYNTXq+3rQ

Score
10/10
zgratagilenetrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4852-0-0x000000007539E000-0x000000007539F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4852-1-0x00000000008A0000-0x0000000000964000-memory.dmp

    Filesize

    784KB

    Download

  • memory/4852-2-0x00000000077C0000-0x00000000078F8000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4852-3-0x00000000052E0000-0x0000000005308000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4852-4-0x0000000075390000-0x0000000075B40000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4852-5-0x0000000007EB0000-0x0000000008454000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4852-6-0x00000000079F0000-0x0000000007A82000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4852-8-0x0000000075390000-0x0000000075B40000-memory.dmp

    Filesize

    7.7MB

    Download