Analysis

  • max time kernel
    91s
  • max time network
    99s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    05-09-2024 09:11

General

  • Target

    ghost-1.0.4/_src/server/ini.cpp

  • Size

    6KB

  • MD5

    7027833361de0285a89e7d62ad7bba53

  • SHA1

    df96627eba35db9da1bb8bc51eb0cba99cb8d04b

  • SHA256

    e887cdd85fdc182b90c2431b3d0ef5a633a2584da453ade9a40e522d12e38453

  • SHA512

    d45bc6c756e022018502a3436e84dce7dcae02debe8ecf5c2bca0e99274926cb5b2205af0bdcc76e6c632b9c346edb4f422014414caf73e833ef180ecead3463

  • SSDEEP

    192:CvHVu24bHdFJBhRBZM12yWjxziYTRrm/b:CvHVu7hJm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\ghost-1.0.4\_src\server\ini.cpp
    PID: 4328
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    PID: 3220
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15
