Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15-05-2024 13:34
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
General
-
Target
file.exe
-
Size
3.7MB
-
MD5
e77976974a972c65cb25253540f47991
-
SHA1
186cc8aecf6d842617847664b7749cfa51a6670d
-
SHA256
9d7d0bf89ec473e919eb4c8de51b48f90e5afdc94fd99c09f94863f78086c432
-
SHA512
ee4e679e948e8d42a704df0e1dca106056da65c48e7ca97aec5c5c0720569be78027e72c57773f16b6bc1cbd1ba2cb0a04238c19e3116af7176f73bd8c9ecb17
-
SSDEEP
98304:QaSNSfTz9wabjIKXScmmZ6n205zg1FNd:QaSNSfTzCafV0Ay205E1F
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule behavioral1/memory/1904-1-0x0000000001340000-0x00000000016F8000-memory.dmp family_zgrat_v1 -
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule behavioral1/memory/1904-1-0x0000000001340000-0x00000000016F8000-memory.dmp net_reactor -
Program crash 1 IoCs
pid pid_target Process procid_target 2896 1904 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1904 wrote to memory of 2896 1904 file.exe 28 PID 1904 wrote to memory of 2896 1904 file.exe 28 PID 1904 wrote to memory of 2896 1904 file.exe 28 PID 1904 wrote to memory of 2896 1904 file.exe 28