2389f707ea454c9643631a8936557ea2abb39323d824cbd15759eee10c67cf46 | Triage

Submit
Reports

Overview

overview

Static

static

Ghost+Stealer.zip

windows7-x64

1

Ghost+Stealer.zip

windows10-2004-x64

1

Ghost Stea...xe.xml

windows7-x64

3

Ghost Stea...xe.xml

windows10-2004-x64

1

Ghost Stea...er.pdb

windows7-x64

3

Ghost Stea...er.pdb

windows10-2004-x64

3

Ghost Stea...st.exe

windows7-x64

1

Ghost Stea...st.exe

windows10-2004-x64

6

Ghost Stea...st.exe

windows7-x64

Ghost Stea...st.exe

windows10-2004-x64

Ghost Stea...ib.dll

windows7-x64

1

Ghost Stea...ib.dll

windows10-2004-x64

1

Ghost Stea...ub.exe

windows7-x64

3

Ghost Stea...ub.exe

windows10-2004-x64

Ghost Stea...config

windows7-x64

3

Ghost Stea...config

windows10-2004-x64

3

Analysis

max time kernel
64s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 03:42

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Ghost+Stealer.zip

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ghost+Stealer.zip

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ghost Stealer/Ghost.builder.exe.xml

Resource

win7-20240704-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ghost Stealer/Ghost.builder.exe.xml

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Ghost Stealer/Ghost.builder.pdb

Resource

win7-20240708-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Ghost Stealer/Ghost.builder.pdb

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

Ghost Stealer/Ghost.exe

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Ghost Stealer/Ghost.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral9

Sample

Ghost Stealer/Ghost.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

Ghost Stealer/Ghost.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

Ghost Stealer/ResourceLib.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Ghost Stealer/ResourceLib.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Ghost Stealer/Stub/stub.exe

Resource

win7-20240704-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral14

Sample

Ghost Stealer/Stub/stub.exe

Resource

win10v2004-20240802-en

evasion execution persistence privilege_escalation trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral15

Sample

Ghost Stealer/Stub/stub.exe.config

Resource

win7-20240708-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral16

Sample

Ghost Stealer/Stub/stub.exe.config

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Report Analysis Logs

General

Target

Ghost Stealer/Ghost.builder.exe.xml
Size

163B
MD5

dccd44fb11b8e4ebdfb822e809a54b6f
SHA1

1889d5ae8c7c70c051cbde104af6e0f31f8c1b63
SHA256

6862b25736259f7bfd344e43eea10a703885be381eee2a745ceb12916b01a158
SHA512

dadffe41bdadfc3a79cb34369c9a8b37ce4833aee18058b02dcb13d64007f022b80b63ab404572c60278937cf83b06b00712ff9ee302e725b9d5c7fe14bd5f50

Score

1^/10

Malware Config

Signatures

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Ghost Stealer\Ghost.builder.exe.xml"
1⤵
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x00007FF88BF30000-0x00007FF88BF40000-memory.dmp

Filesize
64KB

Download
memory/1668-1-0x00007FF8CBF4D000-0x00007FF8CBF4E000-memory.dmp

Filesize
4KB

Download
memory/1668-2-0x00007FF8CBEB0000-0x00007FF8CC0A5000-memory.dmp

Filesize
2.0MB

Download
memory/1668-3-0x00007FF8CBEB0000-0x00007FF8CC0A5000-memory.dmp

Filesize
2.0MB

Download
memory/1668-4-0x00007FF8CBEB0000-0x00007FF8CC0A5000-memory.dmp

Filesize
2.0MB

Download

© 2018-2025

Terms | Privacy