Analysis
-
max time kernel
149s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
07-07-2024 12:13
General
-
Target
9c419cf8d32e4cd39af954615acd843a4973ef1b77ccb52078347fea02d2826f.exe
-
Size
1.3MB
-
MD5
20b295c8fd283535f320c239d6985c7d
-
SHA1
a3ed1afbf6de8dded8f670c4ce18a865dc5fd1ad
-
SHA256
9c419cf8d32e4cd39af954615acd843a4973ef1b77ccb52078347fea02d2826f
-
SHA512
abed3803c429c85d7360f872387a0e120794ca04275bcf21f807ebaff2606f42331f7f5a3ee69817b8ad103837af95c14fb36081103ecf8c9df93cb931030c20
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNA:QHPkVOBTK
Score
10/10
Malware Config
Signatures
-
Detect PurpleFox Rootkit 1 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c419cf8d32e4cd39af954615acd843a4973ef1b77ccb52078347fea02d2826f.exe"C:\Users\Admin\AppData\Local\Temp\9c419cf8d32e4cd39af954615acd843a4973ef1b77ccb52078347fea02d2826f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB