Malware Analysis Report

2025-06-15 21:44

Sample ID 230407-2kdt1ach2s
Target Mercurial.Grabber.v1.03.rar
SHA256 3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

Threat level: shows suspicious behavior

The file Mercurial.Grabber.v1.03.rar shows suspicious behavior; no malware family was identified beyond the Agile.Net obfuscator tag.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-07 22:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-07 22:38

Reported

2023-04-07 22:39

Platform

win10-20230220-en

Max time kernel

52s

Max time network

60s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                           Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\Mercurial.exe   N/A
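The SeDebugPrivilege enablement above is the one behavioral signature with a concrete indicator, and it is the kind of event a SOC can alert on. The following is an added example, not part of the sandbox report: a small triage routine over Windows Security event 4703 ("A user right was adjusted") records that flags SeDebugPrivilege being enabled by a process running from a user-writable path such as AppData\Local\Temp. The field names (SubjectUserName, ProcessName, EnabledPrivilegeList, DisabledPrivilegeList) follow the 4703 layout as I know it; the records themselves are constructed to mirror this detonation, not captured logs. Note that 4703 is only emitted when the Authorization Policy Change audit subcategory is enabled, and it is noisy, so scoping to suspicious paths and an allowlist is what keeps it usable.

```python
"""Flag SeDebugPrivilege enablement from user-writable locations.

Added example, not part of the sandbox report. Record fields mirror Windows
Security event 4703 as I know it; the sample records are constructed.
"""
import re
from dataclasses import dataclass

# Paths a legitimate debugger or management agent normally does not run from.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|Users\\Public|ProgramData\\[^\\]+\\Temp)\\",
    re.IGNORECASE,
)

# Processes expected to enable SeDebugPrivilege on a normal workstation
# (assumed allowlist; tune to the environment).
ALLOWLIST = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\taskmgr.exe",
    r"C:\Windows\System32\csrss.exe",
}


@dataclass
class PrivilegeEvent:
    event_id: int
    subject_user: str
    process_name: str
    enabled: tuple
    disabled: tuple


def _split_privs(field: str) -> tuple:
    """4703 privilege lists are newline-separated; '-' means empty."""
    return tuple(p.strip() for p in re.split(r"[\n\t,]+", field) if p.strip())


def parse_4703(record: dict) -> PrivilegeEvent:
    """Normalise one 4703 record into a PrivilegeEvent."""
    return PrivilegeEvent(
        event_id=int(record["EventID"]),
        subject_user=record.get("SubjectUserName", ""),
        process_name=record.get("ProcessName", ""),
        enabled=_split_privs(record.get("EnabledPrivilegeList", "")),
        disabled=_split_privs(record.get("DisabledPrivilegeList", "")),
    )


def is_suspicious(ev: PrivilegeEvent) -> bool:
    """SeDebugPrivilege enabled (not merely disabled) by a non-allowlisted
    process that lives in a user-writable directory."""
    if ev.event_id != 4703 or "SeDebugPrivilege" not in ev.enabled:
        return False
    if ev.process_name in ALLOWLIST:
        return False
    return bool(USER_WRITABLE.search(ev.process_name))


def triage(records) -> list:
    """Return (process, user) pairs for every suspicious record."""
    hits = []
    for r in records:
        ev = parse_4703(r)
        if is_suspicious(ev):
            hits.append((ev.process_name, ev.subject_user))
    return hits


# Constructed sample records resembling this detonation (not real logs).
SAMPLE_RECORDS = [
    {"EventID": "4703", "SubjectUserName": "Admin",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": "4703", "SubjectUserName": "SYSTEM",
     "ProcessName": r"C:\Windows\System32\svchost.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege\nSeTcbPrivilege",
     "DisabledPrivilegeList": "-"},
    {"EventID": "4703", "SubjectUserName": "Admin",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe",
     "EnabledPrivilegeList": "-", "DisabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": "4703", "SubjectUserName": "Admin",
     "ProcessName": r"C:\Program Files\Vendor\tool.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
]

if __name__ == "__main__":
    for proc, user in triage(SAMPLE_RECORDS):
        print(f"ALERT: SeDebugPrivilege enabled by {proc} (user {user})")
```

Only the first record fires: svchost.exe is allowlisted, the third record disables rather than enables the privilege, and the vendor tool under Program Files is outside the user-writable set (a deliberate scoping choice, not a claim that it is benign).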

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Network

Country  Destination          Domain                      Proto
US       52.182.143.208:443   -                           tcp
US       8.8.8.8:53           63.13.109.52.in-addr.arpa   udp
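Two things in the network table deserve a second look: the TCP connection has no domain attached (a direct-to-IP contact), and the only DNS traffic is a PTR query for 63.13.109.52.in-addr.arpa, which asks about 52.109.13.63, an address that never appears as a connection. The following is an added example, not part of the report: it transcribes the table rows, decodes reverse-DNS names back to the address they ask about, and separates unresolved connections from PTR lookups with no matching connection, so that background resolver activity is not attributed to the sample without further evidence.

```python
"""Correlate sandbox network rows: connections vs. reverse-DNS lookups.

Added example, not part of the report. NETWORK_ROWS is transcribed from the
report's Network table; the column layout is the report's own.
"""
import ipaddress

NETWORK_ROWS = [
    # country, destination, domain, proto (transcribed from the report)
    ("US", "52.182.143.208:443", "", "tcp"),
    ("US", "8.8.8.8:53", "63.13.109.52.in-addr.arpa", "udp"),
]


def ptr_to_ip(name: str):
    """Turn an IPv4 reverse-DNS name back into the address it asks about."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def correlate(rows):
    """Return (unresolved_connections, orphan_ptrs).

    unresolved_connections: hosts contacted with no domain in the row.
    orphan_ptrs: (ip, ptr_name) pairs where the queried address never
    appears as a connection target.
    """
    connections = {}
    ptr_targets = {}
    for _country, dest, domain, proto in rows:
        host, _, port = dest.rpartition(":")
        # DNS rows: record what the resolver asked about, not the resolver.
        if proto == "udp" and port == "53":
            ip = ptr_to_ip(domain)
            if ip:
                ptr_targets[ip] = domain
            continue
        connections[host] = (port, proto, domain or None)
    unresolved = sorted(h for h, (_, _, d) in connections.items() if d is None)
    orphan_ptrs = sorted(
        (ip, name) for ip, name in ptr_targets.items() if ip not in connections
    )
    return unresolved, orphan_ptrs


if __name__ == "__main__":
    unresolved, orphans = correlate(NETWORK_ROWS)
    for host in unresolved:
        print(f"direct-to-IP connection, no domain: {host}")
    for ip, name in orphans:
        print(f"PTR query for {ip} ({name}) with no matching connection")
```

Against the report's rows this yields one unresolved connection (52.182.143.208) and one orphan PTR (52.109.13.63). Whether either is the sample's own traffic or Windows 10 background noise cannot be settled from this table alone; the report attaches no domain, process attribution or payload to the 443 connection.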

Files

memory/2012-121-0x0000000000670000-0x00000000009AA000-memory.dmp

memory/2012-122-0x0000000005840000-0x0000000005D3E000-memory.dmp

memory/2012-123-0x0000000005220000-0x00000000052B2000-memory.dmp

memory/2012-124-0x00000000051D0000-0x00000000051DA000-memory.dmp

memory/2012-125-0x00000000051E0000-0x00000000051FC000-memory.dmp

memory/2012-126-0x0000000005410000-0x0000000005430000-memory.dmp

memory/2012-127-0x0000000005440000-0x0000000005460000-memory.dmp

memory/2012-128-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-129-0x0000000005460000-0x0000000005470000-memory.dmp

memory/2012-130-0x0000000005490000-0x00000000054A4000-memory.dmp

memory/2012-131-0x00000000054A0000-0x000000000550E000-memory.dmp

memory/2012-132-0x0000000005520000-0x000000000553E000-memory.dmp

memory/2012-133-0x0000000005550000-0x0000000005586000-memory.dmp

memory/2012-134-0x00000000055A0000-0x00000000055AE000-memory.dmp

memory/2012-135-0x00000000055B0000-0x00000000055BE000-memory.dmp

memory/2012-136-0x0000000005D40000-0x0000000005E8A000-memory.dmp

memory/2012-137-0x0000000005E90000-0x0000000005FA6000-memory.dmp

memory/2012-138-0x0000000005FB0000-0x0000000005FE0000-memory.dmp

memory/2012-139-0x0000000008B70000-0x0000000008B78000-memory.dmp

memory/2012-140-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-141-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-142-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-143-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-144-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-145-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-146-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-147-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-148-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-149-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-150-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-151-0x000000000C650000-0x000000000C750000-memory.dmp

memory/2012-152-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2012-153-0x000000000C650000-0x000000000C750000-memory.dmp

memory/2012-154-0x000000000C650000-0x000000000C750000-memory.dmp

memory/2012-155-0x000000000C650000-0x000000000C750000-memory.dmp

memory/2012-156-0x000000000C650000-0x000000000C750000-memory.dmp

memory/2012-157-0x000000000C650000-0x000000000C750000-memory.dmp
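Thirty-seven dumps of PID 2012 were taken, but they cover only twenty distinct regions; the 64 KiB region at 0x5330000 was dumped thirteen times and the 1 MiB region at 0xC650000 six times, which is the sandbox re-capturing memory it saw change. The following is an added example, not part of the report: it parses the dump names (format taken from the listing as memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, with <seq> assumed to be the sandbox's dump ordinal), groups them by region and ranks the regions by size, so an analyst can start with the large unique regions rather than working through the files in listing order.

```python
"""Parse sandbox memory dump names and rank regions for analysis.

Added example, not part of the report. Name format is assumed from the
listing: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Transcribed from the report's Files section.
DUMP_NAMES = """
memory/2012-121-0x0000000000670000-0x00000000009AA000-memory.dmp
memory/2012-122-0x0000000005840000-0x0000000005D3E000-memory.dmp
memory/2012-123-0x0000000005220000-0x00000000052B2000-memory.dmp
memory/2012-124-0x00000000051D0000-0x00000000051DA000-memory.dmp
memory/2012-125-0x00000000051E0000-0x00000000051FC000-memory.dmp
memory/2012-126-0x0000000005410000-0x0000000005430000-memory.dmp
memory/2012-127-0x0000000005440000-0x0000000005460000-memory.dmp
memory/2012-128-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-129-0x0000000005460000-0x0000000005470000-memory.dmp
memory/2012-130-0x0000000005490000-0x00000000054A4000-memory.dmp
memory/2012-131-0x00000000054A0000-0x000000000550E000-memory.dmp
memory/2012-132-0x0000000005520000-0x000000000553E000-memory.dmp
memory/2012-133-0x0000000005550000-0x0000000005586000-memory.dmp
memory/2012-134-0x00000000055A0000-0x00000000055AE000-memory.dmp
memory/2012-135-0x00000000055B0000-0x00000000055BE000-memory.dmp
memory/2012-136-0x0000000005D40000-0x0000000005E8A000-memory.dmp
memory/2012-137-0x0000000005E90000-0x0000000005FA6000-memory.dmp
memory/2012-138-0x0000000005FB0000-0x0000000005FE0000-memory.dmp
memory/2012-139-0x0000000008B70000-0x0000000008B78000-memory.dmp
memory/2012-140-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-141-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-142-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-143-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-144-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-145-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-146-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-147-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-148-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-149-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-150-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-151-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-152-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-153-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-154-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-155-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-156-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-157-0x000000000C650000-0x000000000C750000-memory.dmp
""".split()


def parse_dump(name: str) -> dict:
    """Split one dump name into pid, sequence number and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def rank_regions(names) -> list:
    """Group dumps by address range; largest regions first, ties by first seq."""
    groups = defaultdict(list)
    for n in names:
        d = parse_dump(n)
        groups[(d["start"], d["end"])].append(d["seq"])
    rows = [{"start": s, "end": e, "size": e - s,
             "dumps": len(seqs), "first_seq": min(seqs)}
            for (s, e), seqs in groups.items()]
    rows.sort(key=lambda r: (-r["size"], r["first_seq"]))
    return rows


def repeatedly_dumped(names, min_count: int = 3) -> list:
    """Regions the sandbox captured at least min_count times: (start, end, n)."""
    return [(r["start"], r["end"], r["dumps"])
            for r in rank_regions(names) if r["dumps"] >= min_count]


if __name__ == "__main__":
    for r in rank_regions(DUMP_NAMES):
        print(f"0x{r['start']:08X}-0x{r['end']:08X}  {r['size']:>9,} B  "
              f"dumps={r['dumps']:>2}  first seq={r['first_seq']}")
```

The ranking puts the 0x5840000 region (0x4FE000 bytes) and the 0x670000 region (0x33A000 bytes) at the top; for a .NET sample those are the first candidates for an unpacked image or a large decoded blob, while the two repeatedly dumped regions are worth diffing across captures to see what was being rewritten.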