Analysis
-
max time kernel
115s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
15-03-2023 13:32
Behavioral task
behavioral1
Sample
Multi-X_v1.2-Unpacked.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
Multi-X_v1.2-Unpacked.exe
-
Size
24.6MB
-
MD5
cf386e252de869bbcd0f226a95857509
-
SHA1
6ebbaff3e4448c73b89298d5fb972d18026a40e8
-
SHA256
cc4efaaba90c0141aecfe2992543ffdc9b80b20d8213b51f52606861fd5bad89
-
SHA512
9b5073709369822113004d7a5bde324234a3d7e98b5e69f1abaa4a4f7c75ef98ad75cc38fa6bb8ed882299d05be6e46d5593c48595f2b3e1e1edb75368e4dce6
-
SSDEEP
196608:fhuGzT1iRHmGUDXeOaJVivbsv6wX7KAltYBMzm0k1ipuQxYWMs+y4A:fhueqGxDXeJJV2wF88Ispuy
Score
7/10
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule behavioral1/memory/5016-133-0x0000000000090000-0x00000000008F2000-memory.dmp agile_net -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3972 5016 WerFault.exe Multi-X_v1.2-Unpacked.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Multi-X_v1.2-Unpacked.exe"C:\Users\Admin\AppData\Local\Temp\Multi-X_v1.2-Unpacked.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 8042⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5016 -ip 50161⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5016-133-0x0000000000090000-0x00000000008F2000-memory.dmpFilesize
8.4MB