zgrat | 7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 20:17

Target

Sentinel.exe
Size

1.7MB
MD5

a991bca8b1b12edcef7ea9365083910a
SHA1

c2a87723dc3a20162e84062fd3420c07be74f56c
SHA256

7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d
SHA512

edf63d41a1b2bdc5db90bbc33254a400c3ab182fd8eea530c326907208857a3a58fe5fa379934daf41423576f8b589a41541c62f302cbf04028251fe6faa7e4f
SSDEEP

24576:6Z8lPrl9NaJd9N11gdlCaGApu8Fk1VM+q2fv3BrUIQxgcEQXwBNtr91L8Cu:bPpuW7G98FkPMYv3Br6ZDStp9

Score

10^/10

zgrat rat

Detect ZGRat V2 1 IoCs

resource	yara_rule
behavioral1/memory/2936-3-0x0000000004CA0000-0x0000000004D80000-memory.dmp	family_zgrat_v2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2156	2936	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2156	2936	Sentinel.exe	28
PID 2936 wrote to memory of 2156	2936	Sentinel.exe	28
PID 2936 wrote to memory of 2156	2936	Sentinel.exe	28
PID 2936 wrote to memory of 2156	2936	Sentinel.exe	28

C:\Users\Admin\AppData\Local\Temp\Sentinel.exe
"C:\Users\Admin\AppData\Local\Temp\Sentinel.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 872
  2⤵
  - Program crash
  PID:2156

memory/2936-0-0x00000000742CE000-0x00000000742CF000-memory.dmp

Filesize
4KB

Download
memory/2936-1-0x00000000003E0000-0x0000000000590000-memory.dmp

Filesize
1.7MB

Download
memory/2936-2-0x00000000742C0000-0x00000000749AE000-memory.dmp

Filesize
6.9MB

Download
memory/2936-3-0x0000000004CA0000-0x0000000004D80000-memory.dmp

Filesize
896KB

Download
memory/2936-4-0x0000000004D80000-0x0000000004E1C000-memory.dmp

Filesize
624KB

Download
memory/2936-6-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2936-5-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2936-7-0x00000000742C0000-0x00000000749AE000-memory.dmp

Filesize
6.9MB

Download
memory/2936-8-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download