Overview

overview

10

Static

static

1

DOOR-MET_23045112.exe

windows7-x64

10

Resubmissions

03-04-2023 18:17

230403-ww794aab7s 8

03-04-2023 18:16

230403-wwe9baab6x 10

03-04-2023 14:33

230403-rwvlsafc83 10

Analysis

  • max time kernel
    47s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    03-04-2023 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DOOR-MET_23045112.exe

  • Size

    658KB

  • MD5

    f4a6d37fefe83f89c2f6b1f253bb9c2c

  • SHA1

    58ac04dfcc1f0bbf7c41181102f9371a67cda336

  • SHA256

    788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e

  • SHA512

    37f6a03d1356aa442ddc61c230549282fa5f5ce8d3aac4792e26cbbb51f75090b0ab8a0e9139304ee6b89530662cf2ee24033573b80f8b81a27fbcf6ee220e0f

  • SSDEEP

    12288:q6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:Sku/6gQMc6uqhrqW/N

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DOOR-MET_23045112.exe
    "C:\Users\Admin\AppData\Local\Temp\DOOR-MET_23045112.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:740
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:336

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/336-62-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/336-64-0x0000000002B10000-0x0000000002B20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/336-63-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/740-71-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/740-70-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/740-69-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/740-68-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/740-67-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/1544-58-0x0000000004DE0000-0x0000000004E20000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1544-61-0x0000000004DE0000-0x0000000004E20000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1544-60-0x0000000004DE0000-0x0000000004E20000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1544-65-0x0000000000540000-0x000000000055A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1544-66-0x00000000004E0000-0x00000000004E6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1544-59-0x0000000004DE0000-0x0000000004E20000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1544-54-0x0000000000FA0000-0x000000000104A000-memory.dmp

      Filesize

      680KB

      Download

    • memory/1544-57-0x0000000000350000-0x0000000000368000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1544-56-0x0000000000410000-0x000000000045A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1544-55-0x0000000004DE0000-0x0000000004E20000-memory.dmp

      Filesize

      256KB

      Download