Analysis
-
max time kernel
44s -
max time network
50s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
13-07-2020 20:13
General
-
Target
doc-071320201.exe
-
Size
327KB
-
MD5
a7fe386df37ae66d6f28ed9b91e0278f
-
SHA1
dceb0561f18341c51ee40a453c37953b89797160
-
SHA256
0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee
-
SHA512
ea02095237a9b3559af35051e8d58bacee7ccc4d9127237f73eef6d756e504fe439cb0ba282705dd0aac4f87b6393148c6081453e22e5dc4ac9f0358918780e9
Score
10/10
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\doc-071320201.exe"C:\Users\Admin\AppData\Local\Temp\doc-071320201.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken