0adf239cd19c06489172261bebdb04a000678a7ceec120cfe115839a2999bef6

Analysis

max time kernel
17s
max time network
37s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22-04-2023 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AzureDONTCHANGENAME.exe
Size

19.8MB
MD5

bcf4e24dc466da921d0032c3dbcd7c6f
SHA1

daed5051c7acb82d93aa792df5ddbb41c2264f17
SHA256

0adf239cd19c06489172261bebdb04a000678a7ceec120cfe115839a2999bef6
SHA512

c057f8dd819fc821e9321e456f99db6b52d07882854a082c5ad4561014cda1051819a55ab8b10202fef06c46d752d26014ed36115cfe93f7c2690c5f3e64a32a
SSDEEP

393216:7YMxuYnnDpg9demBEWJ71CdNVV8QuM2jlQprdbhkSQN9i:T0uDpgJJd1CrVeQuM2JQfbqM

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/4116-126-0x000000000A570000-0x000000000A6BA000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

AzureDONTCHANGENAME.exe

description pid process

Token: SeDebugPrivilege 4116 AzureDONTCHANGENAME.exe

description	pid	process
Token: SeDebugPrivilege	4116	AzureDONTCHANGENAME.exe

C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe
"C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4116

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4116-116-0x0000000000550000-0x0000000001932000-memory.dmp

Filesize
19.9MB

Download
memory/4116-117-0x0000000007A20000-0x0000000007F1E000-memory.dmp

Filesize
5.0MB

Download
memory/4116-118-0x00000000075C0000-0x0000000007652000-memory.dmp

Filesize
584KB

Download
memory/4116-119-0x0000000003CB0000-0x0000000003CC2000-memory.dmp

Filesize
72KB

Download
memory/4116-120-0x0000000003C40000-0x0000000003C4A000-memory.dmp

Filesize
40KB

Download
memory/4116-121-0x0000000007550000-0x000000000755A000-memory.dmp

Filesize
40KB

Download
memory/4116-122-0x0000000007F20000-0x000000000816E000-memory.dmp

Filesize
2.3MB

Download
memory/4116-123-0x0000000008170000-0x00000000082BE000-memory.dmp

Filesize
1.3MB

Download
memory/4116-124-0x0000000007950000-0x0000000007964000-memory.dmp

Filesize
80KB

Download
memory/4116-125-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download
memory/4116-126-0x000000000A570000-0x000000000A6BA000-memory.dmp

Filesize
1.3MB

Download
memory/4116-127-0x00000000079E0000-0x0000000007A00000-memory.dmp

Filesize
128KB

Download
memory/4116-128-0x00000000073F0000-0x0000000007420000-memory.dmp

Filesize
192KB

Download
memory/4116-129-0x0000000009320000-0x0000000009436000-memory.dmp

Filesize
1.1MB

Download
memory/4116-130-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download
memory/4116-131-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download
memory/4116-132-0x000000000E100000-0x000000000E13E000-memory.dmp

Filesize
248KB

Download
memory/4116-133-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download
memory/4116-134-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download
memory/4116-135-0x0000000003BF0000-0x0000000003C00000-memory.dmp

Filesize
64KB

Download