Analysis
-
max time kernel
107s -
max time network
105s -
platform
windows7_x64 -
resource
win7v200217 -
submitted
25-03-2020 18:13
General
-
Target
makeve.exe
-
Size
136KB
-
MD5
9fed11cd0c0bc367b30b08650dfba78f
-
SHA1
48ef476625cdbc1f74b83841ffc89e4b46615d05
-
SHA256
c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
-
SHA512
c884f73eb3481c129fdfa322f6d60452db98d3e9d88378a6f6b51cb88984d48e6a8d0611dbef7dc8de7d5e4cd3f142e7947f9de225590def19bb23c6836e4675
Score
10/10
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\makeve.exe"C:\Users\Admin\AppData\Local\Temp\makeve.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Users\Admin\AppData\Local\Temp\makeve.exe"2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken