566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02

Analysis

max time kernel
148s
max time network
150s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
16-09-2022 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
Size

8.2MB
MD5

e6d01f9f20fe2146fb012c785a1e186e
SHA1

4bae2807921d11ab30fe323fbd52ba822696c6f5
SHA256

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02
SHA512

0b923956bf858a1faa8392f5b33da5ea81c4752227a88c818366023ef16c6ea2282a4ded84516a9c052fe1e86a84f5de68e8027f9a03ad1d05a37228891cc47e
SSDEEP

98304:fyX7WWQ+8Q3R51y+7w0WYwOYA4vWVU4fgcmnH3EPIL6y/JjDa2gt5TRpdnqyi7Mh:9Z+rzMVs4vkmXaYJfaNTq7

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

pid process

2744 566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/2744-182-0x0000000006790000-0x00000000069DC000-memory.dmp	agile_net

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

pid	process
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

description pid process

Token: SeDebugPrivilege 2744 566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

description	pid	process
Token: SeDebugPrivilege	2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

pid	process
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
2744	566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe

C:\Users\Admin\AppData\Local\Temp\566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe
"C:\Users\Admin\AppData\Local\Temp\566e8202728d6c87dca68047d610e08159f96efc61fb7a5439e31cf8135bdb02.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll
Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
memory/2744-120-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-121-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-123-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-122-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-124-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-125-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-126-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-127-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-128-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-129-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-130-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-131-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-133-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-132-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-134-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-135-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-136-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-137-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-138-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-139-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-140-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-141-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-142-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-143-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-144-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-145-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-146-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-147-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-148-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-149-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-150-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-151-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-152-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-153-0x0000000000A60000-0x00000000012A2000-memory.dmp

Filesize
8.3MB

Download
memory/2744-154-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-155-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-156-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-157-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-158-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-159-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-160-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-161-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-162-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-163-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-164-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-165-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-166-0x0000000005B60000-0x0000000005BF2000-memory.dmp

Filesize
584KB

Download
memory/2744-167-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-168-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-169-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-170-0x0000000006290000-0x000000000678E000-memory.dmp

Filesize
5.0MB

Download
memory/2744-171-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-172-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-173-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-174-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-175-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-176-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-177-0x0000000005F20000-0x0000000005F2A000-memory.dmp

Filesize
40KB

Download
memory/2744-178-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-179-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-180-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-181-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-182-0x0000000006790000-0x00000000069DC000-memory.dmp

Filesize
2.3MB

Download
memory/2744-183-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-185-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-186-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-188-0x0000000071C30000-0x0000000071CB0000-memory.dmp

Filesize
512KB

Download
memory/2744-187-0x000000006FB50000-0x000000006FB87000-memory.dmp

Filesize
220KB

Download
memory/2744-189-0x0000000006B70000-0x0000000006C8A000-memory.dmp

Filesize
1.1MB

Download
memory/2744-191-0x00000000069E0000-0x0000000006A42000-memory.dmp

Filesize
392KB

Download
memory/2744-190-0x0000000006230000-0x0000000006296000-memory.dmp

Filesize
408KB

Download
memory/2744-192-0x0000000006D30000-0x0000000006DCC000-memory.dmp

Filesize
624KB

Download
memory/2744-193-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-194-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2744-206-0x0000000008F20000-0x0000000008F2A000-memory.dmp

Filesize
40KB

Download
memory/2744-207-0x000000000A1E0000-0x000000000A206000-memory.dmp

Filesize
152KB

Download
memory/2744-213-0x000000000AC90000-0x000000000ACF6000-memory.dmp

Filesize
408KB

Download
memory/2744-239-0x000000006FB50000-0x000000006FB87000-memory.dmp

Filesize
220KB

Download
memory/2744-240-0x0000000005B1A000-0x0000000005B1F000-memory.dmp

Filesize
20KB

Download
memory/2744-241-0x0000000005B1A000-0x0000000005B1F000-memory.dmp

Filesize
20KB

Download
memory/2744-242-0x0000000001860000-0x0000000001864000-memory.dmp

Filesize
16KB

Download
memory/2744-243-0x0000000001860000-0x0000000001864000-memory.dmp

Filesize
16KB

Download
memory/2744-244-0x0000000001864000-0x0000000001867000-memory.dmp

Filesize
12KB

Download
memory/2744-245-0x0000000001864000-0x0000000001867000-memory.dmp

Filesize
12KB

Download
memory/2744-246-0x0000000001867000-0x000000000186A000-memory.dmp

Filesize
12KB

Download
memory/2744-247-0x0000000001867000-0x000000000186A000-memory.dmp

Filesize
12KB

Download
memory/2744-248-0x000000000186A000-0x000000000186F000-memory.dmp

Filesize
20KB

Download
memory/2744-249-0x000000000186A000-0x000000000186F000-memory.dmp

Filesize
20KB

Download