Overview

overview

10

Static

static

10

01598af6a7...cs.exe

windows7-x64

10

01598af6a7...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-05-2024 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01598af6a70a105d03e7759fef28f580_NeikiAnalytics.exe

  • Size

    337KB

  • MD5

    01598af6a70a105d03e7759fef28f580

  • SHA1

    062acc53741d0aa41c3b5db443bdfcf8b1024690

  • SHA256

    affa3dfd1f5a12c36dc46f95339fad0be78922aba6f27775da779b33fc4ad09e

  • SHA512

    87f0431e4a63287b8bb6441f1a1fc2b45ff1b00df07248ae0e7951ca11e4e16c7e6505e249af32406c91b5b1059b3211f11b97fa6df1ae2aee7d9f146bbfdd87

  • SSDEEP

    6144:N13ux89dP66zqTyRYD2K5CvUr1PbGo74xvVNqY0DX:Sx89EpDD2K5OUBPwNwZ

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of AdjustPrivilegeToken 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01598af6a70a105d03e7759fef28f580_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\01598af6a70a105d03e7759fef28f580_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4296-1-0x0000000000DF0000-0x0000000000E4A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4296-0-0x00007FFD4EDA3000-0x00007FFD4EDA5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4296-2-0x00007FFD4EDA0000-0x00007FFD4F861000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4296-3-0x000000001EFA0000-0x000000001F0AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4296-4-0x000000001BBD0000-0x000000001BBE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4296-5-0x000000001BF10000-0x000000001BF4C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4296-6-0x000000001BD20000-0x000000001BEC9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4296-8-0x00007FFD4EDA3000-0x00007FFD4EDA5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4296-9-0x00007FFD4EDA0000-0x00007FFD4F861000-memory.dmp

    Filesize

    10.8MB

    Download