Overview

overview

10

Static

static

IGUW6LGP.exe

windows7_x64

10

IGUW6LGP.exe

windows10-2004_x64

6

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 12:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IGUW6LGP.exe

  • Size

    729KB

  • MD5

    a978829d640914b88ee160147ba56292

  • SHA1

    f2a019846d5c649238f4c880349186636aaead8f

  • SHA256

    5561987526eb45b89f9ed1220d2544ce4d5bc4b46cb47839e44444a05aab70f8

  • SHA512

    3d245e2978c7df8896a6a9ebbaeedc707a0cb708d54bb5cf1672423c300984e96dade5e962e170bd38ed8a3891a4aee7d54a4f5296daa5193e7ee9c1928af547

Score
10/10
agilenetcoreentityrezer0

Malware Config

Signatures

  • CoreEntity .NET Packer 1 IoCs

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IGUW6LGP.exe
    "C:\Users\Admin\AppData\Local\Temp\IGUW6LGP.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\IGUW6LGP.exe
      "{path}"
      2⤵
        PID:2024
      • C:\Users\Admin\AppData\Local\Temp\IGUW6LGP.exe
        "{path}"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1528-54-0x0000000000D00000-0x0000000000DBC000-memory.dmp
      Filesize

      752KB

      Download
    • memory/1528-55-0x0000000075C51000-0x0000000075C53000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1528-56-0x0000000000500000-0x0000000000508000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1528-57-0x00000000051A0000-0x0000000005256000-memory.dmp
      Filesize

      728KB

      Download
    • memory/1528-58-0x0000000005F30000-0x0000000005FDE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/1528-59-0x0000000000670000-0x0000000000686000-memory.dmp
      Filesize

      88KB

      Download
    • memory/1528-60-0x00000000006B0000-0x00000000006B8000-memory.dmp
      Filesize

      32KB

      Download
    • memory/2028-61-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-62-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-65-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-64-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-67-0x00000000004A90BE-mapping.dmp
      Download
    • memory/2028-66-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-69-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2028-71-0x0000000000400000-0x00000000004AE000-memory.dmp
      Filesize

      696KB

      Download