873b3f4e9bcdf5c69e3928012df2b4d5fb94cb964f89ba842bdeb575178e031b

Submit
Reports

Overview

overview

Static

static

Ghosty Per...er.rar

windows7-x64

Ghosty Per...er.rar

windows10-2004-x64

Ghosty Per...FN.exe

windows7-x64

Ghosty Per...FN.exe

windows10-2004-x64

Ghosty Per....1.exe

windows7-x64

Ghosty Per....1.exe

windows10-2004-x64

Ghosty Per....1.exe

windows7-x64

Ghosty Per....1.exe

windows10-2004-x64

Ghosty Per...ry.dll

windows7-x64

Ghosty Per...ry.dll

windows10-2004-x64

Ghosty Per...64.dll

windows7-x64

Ghosty Per...64.dll

windows10-2004-x64

Ghosty Per...on.dll

windows7-x64

Ghosty Per...on.dll

windows10-2004-x64

Ghosty Per...ec.dll

windows7-x64

Ghosty Per...ec.dll

windows10-2004-x64

Ghosty Per...z2.dll

windows7-x64

Ghosty Per...z2.dll

windows10-2004-x64

Ghosty Per...pe.dll

windows7-x64

Ghosty Per...pe.dll

windows10-2004-x64

Ghosty Per...ui.ini

windows7-x64

Ghosty Per...ui.ini

windows10-2004-x64

Ghosty Per...16.dll

windows7-x64

Ghosty Per...16.dll

windows10-2004-x64

Ghosty Per...rts.sh

windows7-x64

Ghosty Per...rts.sh

windows10-2004-x64

Ghosty Per...th.sln

windows7-x64

Ghosty Per...th.sln

windows10-2004-x64

Ghosty Per...th.xml

windows7-x64

Ghosty Per...th.xml

windows10-2004-x64

Ghosty Per...ilters

windows7-x64

Ghosty Per...ilters

windows10-2004-x64

Analysis

max time kernel
102s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 22:30

Sharing

Copy URL

Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Ghosty Permanent Spoofer.rar

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ghosty Permanent Spoofer.rar

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ghosty Permanent Spoofer/GHOSTYFN.exe

Resource

win7-20240903-en

orcus defense_evasion discovery rat spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ghosty Permanent Spoofer/GHOSTYFN.exe

Resource

win10v2004-20241007-en

orcus defense_evasion discovery rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral5

Sample

Ghosty Permanent Spoofer/KA-LicenseKey_x86_x64_v1.1.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

Ghosty Permanent Spoofer/KA-LicenseKey_x86_x64_v1.1.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

Ghosty Permanent Spoofer/KA-MemIntegrity_x86_x64_v1.1.exe

Resource

win7-20241023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

Ghosty Permanent Spoofer/KA-MemIntegrity_x86_x64_v1.1.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

Ghosty Permanent Spoofer/SafeGuard-Library.dll

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

Ghosty Permanent Spoofer/SafeGuard-Library.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral11

Sample

Ghosty Permanent Spoofer/VMProtectSDK64.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Ghosty Permanent Spoofer/VMProtectSDK64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Ghosty Permanent Spoofer/brotlicommon.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Ghosty Permanent Spoofer/brotlicommon.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Ghosty Permanent Spoofer/brotlidec.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

Ghosty Permanent Spoofer/brotlidec.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Ghosty Permanent Spoofer/bz2.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Ghosty Permanent Spoofer/bz2.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Ghosty Permanent Spoofer/freetype.dll

Resource

win7-20241023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

Ghosty Permanent Spoofer/freetype.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Ghosty Permanent Spoofer/imgui.ini

Resource

win7-20240903-en

discovery

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral22

Sample

Ghosty Permanent Spoofer/imgui.ini

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Ghosty Permanent Spoofer/libpng16.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Ghosty Permanent Spoofer/libpng16.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Ghosty Permanent Spoofer/server/Certificates/generate-certs.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral26

Sample

Ghosty Permanent Spoofer/server/Certificates/generate-certs.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

Ghosty Permanent Spoofer/server/EmuAuth.sln

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral28

Sample

Ghosty Permanent Spoofer/server/EmuAuth.sln

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

Ghosty Permanent Spoofer/server/EmuAuth/EmuAuth.xml

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral30

Sample

Ghosty Permanent Spoofer/server/EmuAuth/EmuAuth.xml

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Ghosty Permanent Spoofer/server/EmuAuth/EmuAuth.vcxproj.filters

Resource

win7-20241023-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral32

Sample

Ghosty Permanent Spoofer/server/EmuAuth/EmuAuth.vcxproj.filters

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

Ghosty Permanent Spoofer.rar
Size

33.5MB
MD5

44a687ff5f4954f86d0a911cec843437
SHA1

c0379b53e62c3aa490435ebec901442cf637d0e7
SHA256

873b3f4e9bcdf5c69e3928012df2b4d5fb94cb964f89ba842bdeb575178e031b
SHA512

9b352b9ba5c0daec9dde3d73d1c13188e19af6590b15f66fcde0337dd1e7a4b8f14913239b1706c057cd0aad91c7b67c8396fb7d28012fb28b13e21585a703a8
SSDEEP

786432:lUyKIZaUx0zxV3l24EosGt9DVfXfIV3iqpGjRSoBFwTWT:lzlN07V243/9RIpiCG9HwTK

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2512	7zFM.exe
Token: 35	2512	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Ghosty Permanent Spoofer.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2512

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads