Overview

overview

10

Static

static

10

GameModeX.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    1670s
  • max time network
    1486s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28-10-2024 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GameModeX.exe

  • Size

    1.7MB

  • MD5

    4ad581a2e48ba58bd79c3256fa023220

  • SHA1

    15a8a3222e20a0681ae6189f9d20238994556905

  • SHA256

    b5c579eec1362555ac716cee6788377179726b4f0f39823bf5fdc8099bc74769

  • SHA512

    2930bb8dbbb7ce34e1999c7008c5689fc25d1d72bd1889415f9ce89ec4b91f95aa838063f5c7c8f1584d8cf4c37ac6b150cd8807e7d65c2942d6104fc9be056d

  • SSDEEP

    24576:/E3mO8ElMvLzcEk1wkBmOxDeRJV1t4sGYazh+a+x5tImfjxDgxjUcYKoyBPvA/Rm:93cEk1/xDebV1t4sGY1ayzjxgCsI/U

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V2 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Zgrat family
    zgrat
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GameModeX.exe
    "C:\Users\Admin\AppData\Local\Temp\GameModeX.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-0-0x00007FFA9E893000-0x00007FFA9E895000-memory.dmp

    Filesize

    8KB

    Download

  • memory/900-1-0x000001E9739C0000-0x000001E973B72000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/900-2-0x00007FFA9E890000-0x00007FFA9F352000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/900-3-0x000001E976360000-0x000001E9764AA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/900-4-0x000001E973F90000-0x000001E973F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/900-5-0x000001E973FF0000-0x000001E973FF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/900-6-0x000001E976300000-0x000001E976316000-memory.dmp

    Filesize

    88KB

    Download

  • memory/900-7-0x00007FFA9E890000-0x00007FFA9F352000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/900-8-0x00007FFA9E890000-0x00007FFA9F352000-memory.dmp

    Filesize

    10.8MB

    Download