Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 09:29
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe
  Resource: win7-20240611-en
  3 signatures
  150 seconds
General
Target: 6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe
Size: 1.1MB
MD5: d348cee2e03ff1a2e0f2cfedf4bfba92
SHA1: 674f390badc57748cac7a49636656753b5809e8f
SHA256: 6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d
SHA512: ea0164a580a6eb4dd869ce7d980229b40f45c028f2b8ca6e9e1772e496bc6307508a9e6336c7d0f02a853a7d954b1adde3ab10af4fff0969276f03c51fad874d
SSDEEP: 12288:JtU0PCDHF8sx0d7IeA2O0aEUewwf+iqqHIgAxVGc2KwfZGPbjly3bnXScITNu6RQ:fSDqHYi3RhMI3bntyNum77j2hMno9
Malware Config
Signatures

Gh0st RAT payload (1 IoC)
Processes:
  resource                                                                       yara_rule
  behavioral2/memory/1896-0-0x0000000010000000-0x0000000010180000-memory.dmp    family_gh0strat

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                          pid   process
  Token: 33                            1896  6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe
  Token: SeIncBasePriorityPrivilege    1896  6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe
  Token: 33                            1896  6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe
  Token: SeIncBasePriorityPrivilege    1896  6a117f5eb9f4072d7490894ee1912a4397d58948ac890711e82d754827556c7d.exe