Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 12:27
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-13_1dc4a8cb4cdc9f5f4be6919586709cd2_poet-rat_snatch_zxxz.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-06-13_1dc4a8cb4cdc9f5f4be6919586709cd2_poet-rat_snatch_zxxz.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-13_1dc4a8cb4cdc9f5f4be6919586709cd2_poet-rat_snatch_zxxz.exe
Size: 25.4MB
MD5: 1dc4a8cb4cdc9f5f4be6919586709cd2
SHA1: 90f92966e2a4354beed4bb67657c36c96d236bdc
SHA256: d73ca963c4e63658225cd9942a173a4d30ce072e311530cd6db5c7ab65dc91ae
SHA512: bace116a39e389c1b601db1ae39b31183f11f95a98c6dccd8b61243b384a154f5abe527f7525532925bc6aef39c1fae7b86245ae239b62d2bb48525ca390c63b
SSDEEP: 196608:k/zQmBGLG6jOqBgdGNf/ZfvldNfg1wmMzZ/cn9:kbQmULcqBoyvldJg1mz
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description: Token: SeDebugPrivilege; pid: 2808; process: 2024-06-13_1dc4a8cb4cdc9f5f4be6919586709cd2_poet-rat_snatch_zxxz.exe