Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-05-2024 23:22
General
-
Target
52023b5bef184dd2d797d7263d2d2fc3_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
52023b5bef184dd2d797d7263d2d2fc3
-
SHA1
f3acec18ab64edb79c9882e05f4aaaca1be223a3
-
SHA256
e0b69eb31cb55ed63d3c72cf163bb4b1a169a0667de55c7bad34380b64c17a1e
-
SHA512
26cdb2c0ffb2222245e285322a464a21f48e4782b3cc8ff4dc9cedbd25c50abfd0f042b90c72c87adb41e3c31a8195613bd93c62c0860eccd5fcd0e91a4a54f1
-
SSDEEP
24576:4eHaEpawVp/IG968tWeySr3eVJ99W+h7puz2PV:4C/36YWRSr3Ac+hTV
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V2 1 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\52023b5bef184dd2d797d7263d2d2fc3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\52023b5bef184dd2d797d7263d2d2fc3_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 10082⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2012-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmpFilesize
4KB
-
memory/2012-1-0x00000000012E0000-0x0000000001428000-memory.dmpFilesize
1.3MB
-
memory/2012-2-0x0000000074CD0000-0x00000000753BE000-memory.dmpFilesize
6.9MB
-
memory/2012-3-0x0000000000DE0000-0x0000000000E66000-memory.dmpFilesize
536KB
-
memory/2012-4-0x0000000074CDE000-0x0000000074CDF000-memory.dmpFilesize
4KB
-
memory/2012-5-0x0000000074CD0000-0x00000000753BE000-memory.dmpFilesize
6.9MB