Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
03/02/2023, 19:23
General
-
Target
a8bb4191a8a0dea730def8254967c80db1c2b7d7.exe
-
Size
37KB
-
MD5
0a25dd5660057eb8fa23b8d57d1d4708
-
SHA1
a8bb4191a8a0dea730def8254967c80db1c2b7d7
-
SHA256
f3809eed8c6490f0e42711041dd0d7610ffc043759df52c873184052e36e2af1
-
SHA512
d07d53502f08ccf6662ad85155bac26f109fa2db3d01540370597f25641661212c7a65f6d67b2b49e790e3500dc8506aac59f1c58d926f579d4a3e4348bebb7a
-
SSDEEP
768:fevwNGja1TxGIP+tZSPXLgF43rt+cY/qt5RYVMyc/U24v:fNG21T4IP+tZKX8iJ+xqtfYzcr
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.strictfacilityservices.com - Port:
587 - Username:
[email protected] - Password:
SFS!@#321 - Email To:
[email protected]
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8bb4191a8a0dea730def8254967c80db1c2b7d7.exe"C:\Users\Admin\AppData\Local\Temp\a8bb4191a8a0dea730def8254967c80db1c2b7d7.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"2⤵
- Accesses Microsoft Outlook profiles
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
-
Filesize
32KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
192KB
-
Filesize
5.6MB
-
Filesize
408KB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
320KB
-
Filesize
1.8MB