Resubmissions
19-02-2023 12:07
230219-pafjmaeh7w 7Analysis
-
max time kernel
140s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220812-es -
resource tags
arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows -
submitted
19-02-2023 12:07
Static task
static1
Behavioral task
behavioral1
Sample
Striker.exe
Resource
win7-20220812-es
Behavioral task
behavioral2
Sample
Striker.exe
Resource
win10v2004-20221111-es
General
-
Target
Striker.exe
-
Size
3.5MB
-
MD5
3506e72217d5206c43afa993546008aa
-
SHA1
caaa849768a6db9a08c1ca3dba8f31ab8669d04f
-
SHA256
0fb8caced876c692d3ed1cfe956b07b1acb9128ff36f07783500deadfad4a8fd
-
SHA512
c077270ef57c52c8c42d51afedba9e1229e40f1b198a2181d1fcfb7bb20fed29af9bdcc4150c4f721f61a40baa965b6b8a8cb90257e7cf2d954e62fc759ce68e
-
SSDEEP
98304:5shZSJb/1czHpcaBoIJAQtKixNWoiJk5VLjkwOh:5G4bi/B3JBLCoiCL4
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule behavioral1/memory/1756-73-0x0000000001F60000-0x0000000001F96000-memory.dmp agile_net behavioral1/memory/1756-74-0x000000001E150000-0x000000001E244000-memory.dmp agile_net -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
Striker.exepid process 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe 1756 Striker.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Striker.exedescription pid process Token: SeDebugPrivilege 1756 Striker.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1756-54-0x000000013F810000-0x000000013FB9C000-memory.dmpFilesize
3.5MB
-
memory/1756-55-0x000000001BA10000-0x000000001BD7A000-memory.dmpFilesize
3.4MB
-
memory/1756-56-0x000000001ADA0000-0x000000001AE8A000-memory.dmpFilesize
936KB
-
memory/1756-57-0x0000000000150000-0x0000000000156000-memory.dmpFilesize
24KB
-
memory/1756-64-0x0000000000170000-0x0000000000176000-memory.dmpFilesize
24KB
-
memory/1756-69-0x000000001CF80000-0x000000001D238000-memory.dmpFilesize
2.7MB
-
memory/1756-70-0x000000001C430000-0x000000001C5A6000-memory.dmpFilesize
1.5MB
-
memory/1756-71-0x0000000000560000-0x0000000000592000-memory.dmpFilesize
200KB
-
memory/1756-72-0x000000001A8E6000-0x000000001A905000-memory.dmpFilesize
124KB
-
memory/1756-73-0x0000000001F60000-0x0000000001F96000-memory.dmpFilesize
216KB
-
memory/1756-74-0x000000001E150000-0x000000001E244000-memory.dmpFilesize
976KB
-
memory/1756-75-0x00000000005D0000-0x00000000005D8000-memory.dmpFilesize
32KB
-
memory/1756-76-0x0000000001F40000-0x0000000001F46000-memory.dmpFilesize
24KB
-
memory/1756-77-0x000000001A8E6000-0x000000001A905000-memory.dmpFilesize
124KB