Analysis

  • max time kernel
    59s
  • max time network
    61s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    19-01-2021 07:35

General

  • Target

    ORDER REQUEST.exe

  • Size

    479KB

  • MD5

    3ad45628a2e74399b6d99eba89781b43

  • SHA1

    7f1eed5b73b7e79160cc42ce03e3cc13d6eaaaa3

  • SHA256

    f0c5ea35abfdcdb2308311ff102c729fc064bd53703d5876f81eceff098d5336

  • SHA512

    5d38ae4174d3a8fec12d1b44c0fc0f8cfd8b562a92aecba986a6310c36c922126aa76d031747be95e8413bbbaea1a5e6c74e357dfd6c897dcf1301b1fb1b3acd

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ORDER REQUEST.exe
    "C:\Users\Admin\AppData\Local\Temp\ORDER REQUEST.exe"
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Admin\AppData\Local\Temp\ORDER REQUEST.exe
      "C:\Users\Admin\AppData\Local\Temp\ORDER REQUEST.exe"
      PID:1528

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1528-3-0x0000000000000000-mapping.dmp
  • memory/1528-5-0x0000000000400000-0x000000000044D000-memory.dmp
    Filesize

    308KB

  • memory/1676-2-0x0000000075F21000-0x0000000075F23000-memory.dmp
    Filesize

    8KB