256864d01e10f13f207b94efadddd3687aaa7f2a1ab29c8e9fe9a8ae8f524e1f | Triage

Analysis

max time kernel
11s
max time network
13s
platform
windows7_x64
resource
win7v20210410
submitted
03-05-2021 05:40

Sharing

Report Analysis Logs

General

Target

DHL Express shipment waybill number 8318869311.exe
Size

657KB
MD5

6cff6009b60518027e644a36dffcb4f8
SHA1

cd3d592fdf7fe3e2341a48ceb1b79ed330cb3e98
SHA256

256864d01e10f13f207b94efadddd3687aaa7f2a1ab29c8e9fe9a8ae8f524e1f
SHA512

7c11f916bc83af23ebb7aa03045b60b5fa0539e8edf7bf98f6c5c592ed4c36ea4ca751024182dfc7be337d78e21ce207389fb75fd05cf4f34ad6d1c5284859b9

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Processes:

resource	yara_rule
behavioral1/memory/752-64-0x0000000000440000-0x0000000000461000-memory.dmp	agile_net

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

DHL Express shipment waybill number 8318869311.exe

pid process

752 DHL Express shipment waybill number 8318869311.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DHL Express shipment waybill number 8318869311.exe

description pid process

Token: SeDebugPrivilege 752 DHL Express shipment waybill number 8318869311.exe

C:\Users\Admin\AppData\Local\Temp\DHL Express shipment waybill number 8318869311.exe
"C:\Users\Admin\AppData\Local\Temp\DHL Express shipment waybill number 8318869311.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-60-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/752-62-0x0000000004A60000-0x0000000004A61000-memory.dmp

Filesize
4KB

Download
memory/752-64-0x0000000000440000-0x0000000000461000-memory.dmp

Filesize
132KB

Download
memory/752-65-0x0000000004A61000-0x0000000004A62000-memory.dmp

Filesize
4KB

Download