cf314e04a9b8f745f165e228aa4959aba24f8dde93cdd20f9c2d4ba7f6b3fb9b

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 17:01

Target

chatgpt_rat.exe
Size

76.0MB
MD5

412cc4eabe9c7cbe3893e331c9f7d48a
SHA1

2165ca768695a7fc3d62a46b5ad995630db72bed
SHA256

cf314e04a9b8f745f165e228aa4959aba24f8dde93cdd20f9c2d4ba7f6b3fb9b
SHA512

0cc6f0fe8bb0b66ba4eeb5920628de47db9f056b025cb50f9d21c7d4c597678d37a8f42d86a75c8601dff4e6cf016e677ee9e979b1605e03d67500c00f89784d
SSDEEP

1572864:ifcQtk6/01CpnLX5WJoWbgWRSgkNOXWxtQSNdiIB2qHWB75iliZo0Wu1A1K8:scc/7pLX5M3gbcKCwB2qHO5i0W0UU8

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2892	chatgpt_rat.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2892	2176	chatgpt_rat.exe	28
PID 2176 wrote to memory of 2892	2176	chatgpt_rat.exe	28
PID 2176 wrote to memory of 2892	2176	chatgpt_rat.exe	28

C:\Users\Admin\AppData\Local\Temp\chatgpt_rat.exe
"C:\Users\Admin\AppData\Local\Temp\chatgpt_rat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\chatgpt_rat.exe
  "C:\Users\Admin\AppData\Local\Temp\chatgpt_rat.exe"
  2⤵
  - Loads dropped DLL
  PID:2892

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit