Analysis
-
max time kernel
59s -
max time network
61s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
19-01-2021 07:35
Static task
static1
Behavioral task
behavioral1
Sample
ORDER REQUEST.exe
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ORDER REQUEST.exe
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
ORDER REQUEST.exe
-
Size
479KB
-
MD5
3ad45628a2e74399b6d99eba89781b43
-
SHA1
7f1eed5b73b7e79160cc42ce03e3cc13d6eaaaa3
-
SHA256
f0c5ea35abfdcdb2308311ff102c729fc064bd53703d5876f81eceff098d5336
-
SHA512
5d38ae4174d3a8fec12d1b44c0fc0f8cfd8b562a92aecba986a6310c36c922126aa76d031747be95e8413bbbaea1a5e6c74e357dfd6c897dcf1301b1fb1b3acd
Score
10/10
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1528-5-0x0000000000400000-0x000000000044D000-memory.dmp family_agenttesla -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
ORDER REQUEST.exedescription pid process target process PID 1676 wrote to memory of 1528 1676 ORDER REQUEST.exe ORDER REQUEST.exe PID 1676 wrote to memory of 1528 1676 ORDER REQUEST.exe ORDER REQUEST.exe PID 1676 wrote to memory of 1528 1676 ORDER REQUEST.exe ORDER REQUEST.exe PID 1676 wrote to memory of 1528 1676 ORDER REQUEST.exe ORDER REQUEST.exe