Overview

overview

10

Static

static

Requiremen...88.exe

windows7-x64

10

Requiremen...88.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    49s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2022 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Requirement _889456288.exe

  • Size

    979KB

  • MD5

    cc3a511b9bcadc7eb922e5c577a952af

  • SHA1

    8faaa6d1d150ef40510ea74e43d5f0be44c3463b

  • SHA256

    9a8560f1669a01559efce59861f36556ef1ab3ec28a8e380c03ff3f9ff35b039

  • SHA512

    eb79e6477fb55503574ce96beb39fc87b88bfc6fe73b7c5d70cabebb63b8871b1047aff19a5737d6240e3433d3d380eccae128787ca33f0bb89e478e65305311

  • SSDEEP

    24576:0sU2Sz24xNn3ugU6o/Oj0QcWo5/bU7fEeqYd:XU2624n3uRHe7chYE6

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Requirement _889456288.exe
    "C:\Users\Admin\AppData\Local\Temp\Requirement _889456288.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:1320

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1088-54-0x0000000000260000-0x0000000000358000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1320-55-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-56-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-58-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-59-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-61-0x0000000000435A2E-mapping.dmp

    Download

  • memory/1320-60-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-63-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-65-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1320-66-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download