Overview

overview

10

Static

static

10

Mercurial.exe

windows7_x64

7

Mercurial.exe

windows10_x64

7

Resubmissions

14-07-2021 22:41

210714-vsqba8ntwx 10

09-07-2021 17:41

210709-23heck7hd6 10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    14-07-2021 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mercurial.exe

  • Size

    3.2MB

  • MD5

    a9477b3e21018b96fc5d2264d4016e65

  • SHA1

    493fa8da8bf89ea773aeb282215f78219a5401b7

  • SHA256

    890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645

  • SHA512

    66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 11 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
    "C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1820-60-0x0000000000FC0000-0x0000000000FC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1820-62-0x0000000000480000-0x0000000000499000-memory.dmp
    Filesize

    100KB

    Download
  • memory/1820-63-0x00000000004E0000-0x00000000004FD000-memory.dmp
    Filesize

    116KB

    Download
  • memory/1820-64-0x0000000000970000-0x000000000098B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1820-65-0x0000000000990000-0x000000000099C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1820-66-0x00000000009C0000-0x00000000009D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1820-67-0x0000000004AD0000-0x0000000004B3A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/1820-68-0x00000000009D0000-0x00000000009EA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1820-69-0x0000000000A60000-0x0000000000A92000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1820-70-0x0000000004B80000-0x0000000004B81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1820-71-0x0000000000AA0000-0x0000000000AAA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1820-72-0x0000000000AB0000-0x0000000000ABA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1820-73-0x0000000004EA0000-0x0000000004FE5000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1820-74-0x0000000005310000-0x0000000005424000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1820-75-0x0000000000F90000-0x0000000000FBA000-memory.dmp
    Filesize

    168KB

    Download
  • memory/1820-76-0x0000000006340000-0x0000000006346000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1820-78-0x0000000004B86000-0x0000000004B97000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1820-77-0x0000000004B81000-0x0000000004B82000-memory.dmp
    Filesize

    4KB

    Download