Analysis
-
max time kernel
17s -
max time network
37s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system -
submitted
22/04/2023, 17:39
Static task
static1
Behavioral task
behavioral1
Sample
AzureDONTCHANGENAME.exe
Resource
win10-20230220-en
3 signatures
300 seconds
General
-
Target
AzureDONTCHANGENAME.exe
-
Size
19.8MB
-
MD5
bcf4e24dc466da921d0032c3dbcd7c6f
-
SHA1
daed5051c7acb82d93aa792df5ddbb41c2264f17
-
SHA256
0adf239cd19c06489172261bebdb04a000678a7ceec120cfe115839a2999bef6
-
SHA512
c057f8dd819fc821e9321e456f99db6b52d07882854a082c5ad4561014cda1051819a55ab8b10202fef06c46d752d26014ed36115cfe93f7c2690c5f3e64a32a
-
SSDEEP
393216:7YMxuYnnDpg9demBEWJ71CdNVV8QuM2jlQprdbhkSQN9i:T0uDpgJJd1CrVeQuM2JQfbqM
Score
7/10
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule behavioral1/memory/4116-126-0x000000000A570000-0x000000000A6BA000-memory.dmp agile_net -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4116 AzureDONTCHANGENAME.exe