Overview

overview

7

Static

static

1

agiledotne...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-03-2023 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    agiledotnetinstaller.exe

  • Size

    13.8MB

  • MD5

    b18e08cd76a64f4311ede5dc0e094420

  • SHA1

    d4f015004fbaeeed2e7a90ef859d4b9f04b3dc20

  • SHA256

    7faf552bacfc8174d2e02142b7379948158c2eac09e4f1872f5dd5f847f8075b

  • SHA512

    f04fc41e0f15d84d45745f78e8eca629f037355be957c99643b3f7d2709a0063102369c7ca54e1b33dbba419770cbdc9a628be798dcbdb09e131fcc8f6c656c6

  • SSDEEP

    393216:PJmTb23oYK6+RF05k/NxDFKZQ0gzkb8HZDozeM2Zwb32n2KTeY:PJ+b24YMKS/NRu10Zz62n2/Y

Score
7/10
agilenetdiscovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Obfuscated with Agile.Net obfuscator 6 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 36 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\agiledotnetinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\agiledotnetinstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Users\Admin\AppData\Local\Temp\is-U4U84.tmp\agiledotnetinstaller.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-U4U84.tmp\agiledotnetinstaller.tmp" /SL5="$801C4,14128505,74752,C:\Users\Admin\AppData\Local\Temp\agiledotnetinstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Program Files (x86)\SecureTeam\AgileDotNet.exe
        "C:\Program Files (x86)\SecureTeam\AgileDotNet.exe"
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3496

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\SecureTeam\AgileDotNet.Console.VMRuntime.dll
    Filesize

    1.4MB

    MD5

    344925e2ce673d621661052aeb9e9eeb

    SHA1

    d06460b9b424fc5556f4c62d7651065f39544689

    SHA256

    311b0f2c2075056548fa36bb6bd2f6c8e2bfa799a8138278fed2030596934038

    SHA512

    808b48d5c2c2d305fc22fe577be2ce795a275096ff0b5aa714fe8f19624ef152912963d32d352761164af359caa54fedb1baf681bb72f6a1aed6d83326a73a5a

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNet.Console.exe
    Filesize

    1.8MB

    MD5

    059cb5027d4ef6b79c638f2a29f3b56b

    SHA1

    23aa18e865a5e38bab487e300391c9d8b81e4440

    SHA256

    13cd32aa9116bdd83258747b2597db8b47304bebdd80fae44499752ef44f2ab9

    SHA512

    e016fd2f1a4ae4e2d12bbbca11f9035176294e461236479c1ea43d6b5d6067c5c7d4dee54fcfe4b33974b09a6b98fcfd8d21f72dacec29f5f9b22bfa165e692b

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNet.exe
    Filesize

    1.0MB

    MD5

    e7d5bd6bc49f3b2ea88ac1dc36e477c2

    SHA1

    125ec9a45346db2cdeb14f7037823a79829d21e4

    SHA256

    59b4c6de0d6df7c58bc2db3dedfb0adeb2cda86871f7fb67dd2d3a77dc54d499

    SHA512

    2a4d59f3a309dff5c86ea49600d8db5babc4c4b22fcc94b47ff2e9318e9077ba2f577515bbb1415ba7fbfea9581589cd71d79666927ffca9ed42fe46265e745f

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNet.exe
    Filesize

    1.0MB

    MD5

    e7d5bd6bc49f3b2ea88ac1dc36e477c2

    SHA1

    125ec9a45346db2cdeb14f7037823a79829d21e4

    SHA256

    59b4c6de0d6df7c58bc2db3dedfb0adeb2cda86871f7fb67dd2d3a77dc54d499

    SHA512

    2a4d59f3a309dff5c86ea49600d8db5babc4c4b22fcc94b47ff2e9318e9077ba2f577515bbb1415ba7fbfea9581589cd71d79666927ffca9ed42fe46265e745f

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNet.exe
    Filesize

    1.0MB

    MD5

    e7d5bd6bc49f3b2ea88ac1dc36e477c2

    SHA1

    125ec9a45346db2cdeb14f7037823a79829d21e4

    SHA256

    59b4c6de0d6df7c58bc2db3dedfb0adeb2cda86871f7fb67dd2d3a77dc54d499

    SHA512

    2a4d59f3a309dff5c86ea49600d8db5babc4c4b22fcc94b47ff2e9318e9077ba2f577515bbb1415ba7fbfea9581589cd71d79666927ffca9ed42fe46265e745f

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNetRT64Pro.dll
    Filesize

    1.4MB

    MD5

    843637d9086531f0399662ccde15f110

    SHA1

    4e0402b47f4d42d3b2e51f80682474b33fe70ef8

    SHA256

    5ff6e56b3aae64d9dbf1cadea9d72361cc0c724321fc604f1a165c9ab1ae8daa

    SHA512

    1948344374b8fb04d7a0c7c6c7a90d2113cdb380b7b864dab40f682c2a9b1d14d50d51487e9f758d28e8c21e8a555b031332081f608630fce0f159f1db19d815

    Download Submit

  • C:\Program Files (x86)\SecureTeam\AgileDotNetRT64Pro.dll
    Filesize

    1.4MB

    MD5

    843637d9086531f0399662ccde15f110

    SHA1

    4e0402b47f4d42d3b2e51f80682474b33fe70ef8

    SHA256

    5ff6e56b3aae64d9dbf1cadea9d72361cc0c724321fc604f1a165c9ab1ae8daa

    SHA512

    1948344374b8fb04d7a0c7c6c7a90d2113cdb380b7b864dab40f682c2a9b1d14d50d51487e9f758d28e8c21e8a555b031332081f608630fce0f159f1db19d815

    Download Submit

  • C:\Program Files (x86)\SecureTeam\DevExpress.XtraBars.v12.2.dll
    Filesize

    1024KB

    MD5

    9b7635baa52aa7b5038731e210ab6a96

    SHA1

    0352cdf751b0d1b78fa8d0127027f3e50af2b461

    SHA256

    2c3827063bb6b2697baa5c8fafb03da29ff3d06378360d867de0985cdf8ee80e

    SHA512

    970d6eff261af35b15c4c9c945064a34de4b417db422565b66ab5670858860676bce10922ec28b0dfce18b2d3fcd95ef2cb7b9e425f219c85f58938387f55a88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-39F1G.tmp\AgileDotNet.cjstyles
    Filesize

    433KB

    MD5

    f3d1652de0ad6b02926bff7d7bb0ac02

    SHA1

    41427cb7ee3c263296911f1b153e1d3b6d749afb

    SHA256

    04b58f7e8a622498657672abafe8efa21605796fb29be78df7199da7dbcdf759

    SHA512

    4d6e2caa411a3fc2f91854363fc07898248d9ae9bfb310c98913f657ea6b6a6a41f7fa10274efb025b8bc836b0f760b8f59f9d2fd6191f8caa417dcbed6ff972

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-39F1G.tmp\AgileDotNet.cjstyles
    Filesize

    433KB

    MD5

    f3d1652de0ad6b02926bff7d7bb0ac02

    SHA1

    41427cb7ee3c263296911f1b153e1d3b6d749afb

    SHA256

    04b58f7e8a622498657672abafe8efa21605796fb29be78df7199da7dbcdf759

    SHA512

    4d6e2caa411a3fc2f91854363fc07898248d9ae9bfb310c98913f657ea6b6a6a41f7fa10274efb025b8bc836b0f760b8f59f9d2fd6191f8caa417dcbed6ff972

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-39F1G.tmp\isskin.dll
    Filesize

    385KB

    MD5

    92c2e247392e0e02261dea67e1bb1a5e

    SHA1

    db72fed8771364bf8039b2bc83ed01dda2908554

    SHA256

    25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

    SHA512

    e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-39F1G.tmp\isskin.dll
    Filesize

    385KB

    MD5

    92c2e247392e0e02261dea67e1bb1a5e

    SHA1

    db72fed8771364bf8039b2bc83ed01dda2908554

    SHA256

    25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

    SHA512

    e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-39F1G.tmp\isxdl.dll
    Filesize

    121KB

    MD5

    48ad1a1c893ce7bf456277a0a085ed01

    SHA1

    803997ef17eedf50969115c529a2bf8de585dc91

    SHA256

    b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

    SHA512

    7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-U4U84.tmp\agiledotnetinstaller.tmp
    Filesize

    708KB

    MD5

    35b3f9a516ad4aefa79f71b0841ff6e0

    SHA1

    eb1a56a11e8354873fe541753bf176842523e4e2

    SHA256

    7ffbb10d03cdbf83f31b92f5e4ee424a3672392da0852ac8333c73fcd594c510

    SHA512

    08904a7b2872dd2f81538904e17182bbe9fb533184cfbbca0b955713911b089fcb40a9c39343572c53c75cff6d891a3a58dbe530697746c87ed007ee550234b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-U4U84.tmp\agiledotnetinstaller.tmp
    Filesize

    708KB

    MD5

    35b3f9a516ad4aefa79f71b0841ff6e0

    SHA1

    eb1a56a11e8354873fe541753bf176842523e4e2

    SHA256

    7ffbb10d03cdbf83f31b92f5e4ee424a3672392da0852ac8333c73fcd594c510

    SHA512

    08904a7b2872dd2f81538904e17182bbe9fb533184cfbbca0b955713911b089fcb40a9c39343572c53c75cff6d891a3a58dbe530697746c87ed007ee550234b2

    Download Submit

  • memory/704-133-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/704-222-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1984-196-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-204-0x0000000074FA0000-0x0000000075014000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1984-173-0x0000000075850000-0x00000000758CA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1984-174-0x00000000763F0000-0x0000000076415000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1984-175-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-176-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-177-0x00000000763F0000-0x0000000076415000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1984-178-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-179-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-180-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-181-0x0000000075990000-0x0000000075A73000-memory.dmp

    Filesize

    908KB

    Download

  • memory/1984-182-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-183-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-184-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-185-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-187-0x0000000075990000-0x0000000075A73000-memory.dmp

    Filesize

    908KB

    Download

  • memory/1984-186-0x00000000762B0000-0x000000007638C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/1984-188-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-190-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-189-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-191-0x0000000074FA0000-0x0000000075014000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1984-192-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-193-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-194-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-195-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-171-0x00000000763F0000-0x0000000076415000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1984-197-0x0000000074FA0000-0x0000000075014000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1984-199-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-198-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-201-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-202-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-203-0x00000000763F0000-0x0000000076415000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1984-200-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-172-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-205-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-206-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-207-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-209-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-208-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-210-0x0000000074FA0000-0x0000000075014000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1984-211-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-212-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-213-0x00000000762B0000-0x000000007638C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/1984-214-0x0000000075990000-0x0000000075A73000-memory.dmp

    Filesize

    908KB

    Download

  • memory/1984-215-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-216-0x0000000077350000-0x00000000773FF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/1984-217-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-218-0x0000000074FA0000-0x0000000075014000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1984-219-0x00000000744E0000-0x0000000074604000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1984-220-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-170-0x0000000075850000-0x00000000758CA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1984-223-0x0000000075020000-0x0000000075230000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1984-221-0x00000000766C0000-0x0000000076C73000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1984-169-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-168-0x0000000075850000-0x00000000758CA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1984-167-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-144-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-166-0x0000000075850000-0x00000000758CA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1984-165-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-154-0x0000000003A80000-0x0000000003AE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1984-164-0x0000000075850000-0x00000000758CA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/3496-391-0x000000001E040000-0x000000001E214000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3496-388-0x00007FFB04D00000-0x00007FFB05119000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/3496-387-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3496-397-0x000000001E670000-0x000000001E8BC000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3496-403-0x000000001F0D0000-0x000000001F48C000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/3496-384-0x0000000000590000-0x000000000069C000-memory.dmp

    Filesize

    1.0MB

    Download