Malware Analysis Report

2025-06-15 21:21

Sample ID 230422-v8my9ahf5z
Target AzureDONTCHANGENAME.exe
SHA256 0adf239cd19c06489172261bebdb04a000678a7ceec120cfe115839a2999bef6
Tags agilenet
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V6
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 7/10

SHA256 0adf239cd19c06489172261bebdb04a000678a7ceec120cfe115839a2999bef6

Threat level: shows suspicious behavior

The file AzureDONTCHANGENAME.exe shows suspicious behavior. No malware family was identified; the only tag is agilenet, for the Agile.Net obfuscator.

Malicious Activity Summary

Obfuscated with Agile.Net obfuscator (tag: agilenet)
Legitimate hosting services abused for malware hosting/C2
Suspicious use of AdjustPrivilegeToken (SeDebugPrivilege enabled by the sample process)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-22 17:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-22 17:39

Reported

2023-04-22 17:40

Platform

win10-20230220-en

Max time kernel

17s

Max time network

37s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe"

Signatures

Obfuscated with Agile.Net obfuscator (tag: agilenet)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Legitimate hosting services abused for malware hosting/C2

No indicator rows were recorded for this signature; the hosts contacted are listed under Network.

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                                    Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe  N/A
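The signature above records the sample enabling SeDebugPrivilege on its own token from a Temp path. On a monitored host the equivalent telemetry is Windows Security event 4703 ("A token right was adjusted"), which is only written when the "Audit Token Right Adjusted" subcategory is enabled. The following is an added detection example, not part of the sandbox output: the event records are constructed (the first mirrors this run, the others are benign controls), and the sensitive-privilege set and trusted-path list are assumptions to tune per environment.

```python
"""Detect SeDebugPrivilege being enabled by a binary that runs from a
user-writable path, from Windows Security event 4703 ("A token right was
adjusted"). Added example for this report, not sandbox output. The event
records are constructed: the first mirrors the behavioral1 signature
(AzureDONTCHANGENAME.exe in AppData\\Local\\Temp enabling SeDebugPrivilege),
the others are benign controls. Event 4703 only exists on hosts where the
"Audit Token Right Adjusted" subcategory is enabled.
"""
import re

# Assumption: privileges whose enablement is rarely legitimate outside OS
# binaries, security tooling and debuggers. Tune per environment.
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege",
    "SeLoadDriverPrivilege", "SeTakeOwnershipPrivilege",
}

# Assumption: OS locations where token adjustment is routine (compared
# case-insensitively). Deliberately narrow; Program Files is not trusted.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# User-writable locations that dropped or downloaded payloads run from.
USER_WRITABLE_RE = re.compile(
    r"^c:\\users\\[^\\]+\\(appdata\\local\\temp|appdata\\roaming|downloads|desktop)\\"
)

# Constructed 4703 records, reduced to the fields the rule needs. In the raw
# event EnabledPrivilegeList is a whitespace-separated list; "-" means none.
SAMPLE_EVENTS = [
    {   # mirrors the sandbox signature "Token: SeDebugPrivilege"
        "EventID": 4703, "SubjectUserName": "Admin",
        "ProcessName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\AzureDONTCHANGENAME.exe",
        "EnabledPrivilegeList": "SeDebugPrivilege",
    },
    {   # OS component: same privilege from a trusted path, suppressed
        "EventID": 4703, "SubjectUserName": "SYSTEM",
        "ProcessName": "C:\\Windows\\System32\\svchost.exe",
        "EnabledPrivilegeList": "SeDebugPrivilege\n\t\t\tSeIncreaseQuotaPrivilege",
    },
    {   # Temp binary enabling only a low-value privilege: no alert
        "EventID": 4703, "SubjectUserName": "Admin",
        "ProcessName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\installer.exe",
        "EnabledPrivilegeList": "SeChangeNotifyPrivilege",
    },
    {   # admin tool outside both path lists: flagged at medium severity
        "EventID": 4703, "SubjectUserName": "Admin",
        "ProcessName": "C:\\Tools\\procexp64.exe",
        "EnabledPrivilegeList": "SeDebugPrivilege",
    },
]


def parse_privilege_list(field):
    """Split a 4703 privilege-list field into a set of privilege names."""
    if not field or field.strip() == "-":
        return set()
    return set(re.split(r"\s+", field.strip()))


def evaluate_4703(event):
    """Return an alert dict for a suspicious token adjustment, else None."""
    if event.get("EventID") != 4703:
        return None
    hits = parse_privilege_list(event.get("EnabledPrivilegeList", "-")) & SENSITIVE_PRIVILEGES
    if not hits:
        return None
    process = event.get("ProcessName", "")
    lowered = process.lower()
    if lowered.startswith(TRUSTED_PREFIXES):
        return None
    severity = "high" if USER_WRITABLE_RE.match(lowered) else "medium"
    return {"severity": severity, "user": event.get("SubjectUserName"),
            "process": process, "privileges": sorted(hits)}


def scan(events):
    """Run the rule over an event stream and return only the alerts."""
    return [alert for alert in map(evaluate_4703, events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["process"], ",".join(alert["privileges"]))
```

The rule keys on where the process lives rather than on the privilege alone, because SeDebugPrivilege is enabled constantly by lsass, svchost and legitimate debuggers; a sample under a user's Temp directory doing it is the signal worth paging on.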

Processes

C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe

"C:\Users\Admin\AppData\Local\Temp\AzureDONTCHANGENAME.exe"

Network

Country  Destination         Domain                      Proto
US       8.8.8.8:53          pastebin.com                udp
US       104.20.67.143:443   pastebin.com                tcp
US       8.8.8.8:53          143.67.20.104.in-addr.arpa  udp
US       8.8.8.8:53          keyauth.win                 udp
US       188.114.97.0:443    keyauth.win                 tcp
US       8.8.8.8:53          0.97.114.188.in-addr.arpa   udp
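The table mixes three kinds of rows: forward DNS queries to the sandbox resolver, the HTTPS connections that followed, and reverse (PTR) lookups whose in-addr.arpa names are the connected IPs with their octets reversed. The block below is an added triage example, not part of the sandbox output: it parses the rows exactly as listed above, pairs each connection with its DNS and PTR evidence, separates destinations that are legitimate services commonly abused for payload hosting or dead-drop C2 (the watchlist is an assumption, seeded only with pastebin.com, which the "Legitimate hosting services abused" signature is consistent with) and produces indicators without treating the resolver as one.

```python
"""Triage a sandbox Network table: pair DNS lookups with the TCP connections
that followed, decode reverse (PTR) lookups, flag legitimate services that
are commonly abused for payload hosting or as dead-drop C2 resolvers, and
list indicators. Added example for this report, not sandbox output; ROWS is
copied from the report's Network table, the watchlist is an assumption.
"""

# (country, destination, domain, proto) exactly as listed in the report.
ROWS = [
    ("US", "8.8.8.8:53", "pastebin.com", "udp"),
    ("US", "104.20.67.143:443", "pastebin.com", "tcp"),
    ("US", "8.8.8.8:53", "143.67.20.104.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "keyauth.win", "udp"),
    ("US", "188.114.97.0:443", "keyauth.win", "tcp"),
    ("US", "8.8.8.8:53", "0.97.114.188.in-addr.arpa", "udp"),
]

# Assumption: legitimate services that routinely hold encoded C2 addresses
# or second-stage payloads. Blocking them wholesale is rarely acceptable, so
# they are routed to analyst review (pull the specific paste) instead.
ABUSED_LEGIT_SERVICES = {
    "pastebin.com": "paste site: dead-drop resolver / payload hosting",
}

# The sandbox's own resolver: never an indicator of the sample.
RESOLVERS = {"8.8.8.8"}

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name):
    """143.67.20.104.in-addr.arpa -> 104.20.67.143 (octets are reversed)."""
    if not name.endswith(PTR_SUFFIX):
        raise ValueError("not a PTR name: " + name)
    return ".".join(reversed(name[: -len(PTR_SUFFIX)].split(".")))


def parse_rows(rows):
    """Split rows into forward DNS queries, PTR-resolved IPs and connections."""
    queries, ptr_ips, connections = [], [], []
    for country, destination, domain, proto in rows:
        ip, port = destination.rsplit(":", 1)
        if proto == "udp" and port == "53":
            if domain.endswith(PTR_SUFFIX):
                ptr_ips.append(ptr_to_ip(domain))
            else:
                queries.append(domain)
        else:
            connections.append({"country": country, "ip": ip, "port": int(port),
                                "domain": domain, "proto": proto})
    return queries, ptr_ips, connections


def triage(rows):
    """Annotate each connection with its DNS/PTR evidence and whether the
    destination is an abused legitimate service."""
    queries, ptr_ips, connections = parse_rows(rows)
    findings = []
    for conn in connections:
        finding = dict(conn)
        finding["preceded_by_dns"] = conn["domain"] in queries
        finding["ptr_checked"] = conn["ip"] in ptr_ips
        finding["abused_legit_service"] = ABUSED_LEGIT_SERVICES.get(conn["domain"])
        findings.append(finding)
    return findings


def extract_iocs(rows):
    """Indicators from the connections only (DNS rows name the resolver, not
    the sample's infrastructure). Watchlisted services go to review_only;
    contacted IPs are observation-time values and may be shared CDN edges,
    so confirm ownership before blocking on IP alone."""
    _, _, connections = parse_rows(rows)
    iocs = {"domains": set(), "review_only": set(), "contacted_ips": set()}
    for conn in connections:
        if conn["ip"] in RESOLVERS:
            continue
        iocs["contacted_ips"].add(conn["ip"])
        if conn["domain"] in ABUSED_LEGIT_SERVICES:
            iocs["review_only"].add(conn["domain"])
        else:
            iocs["domains"].add(conn["domain"])
    return iocs


if __name__ == "__main__":
    for finding in triage(ROWS):
        print(finding)
    print(extract_iocs(ROWS))
```

Run against the rows above, both connections are preceded by a forward lookup and followed by a PTR lookup of the connected IP; pastebin.com lands in review_only, keyauth.win is reported as a contacted domain, and 8.8.8.8 never appears in the indicator set.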

Files

Memory dumps of process 4116, the only process in the run (AzureDONTCHANGENAME.exe); each name carries the process id, the dump sequence number and the dumped address range.

memory/4116-116-0x0000000000550000-0x0000000001932000-memory.dmp
memory/4116-117-0x0000000007A20000-0x0000000007F1E000-memory.dmp
memory/4116-118-0x00000000075C0000-0x0000000007652000-memory.dmp
memory/4116-119-0x0000000003CB0000-0x0000000003CC2000-memory.dmp
memory/4116-120-0x0000000003C40000-0x0000000003C4A000-memory.dmp
memory/4116-121-0x0000000007550000-0x000000000755A000-memory.dmp
memory/4116-122-0x0000000007F20000-0x000000000816E000-memory.dmp
memory/4116-123-0x0000000008170000-0x00000000082BE000-memory.dmp
memory/4116-124-0x0000000007950000-0x0000000007964000-memory.dmp
memory/4116-125-0x0000000003BF0000-0x0000000003C00000-memory.dmp
memory/4116-126-0x000000000A570000-0x000000000A6BA000-memory.dmp
memory/4116-127-0x00000000079E0000-0x0000000007A00000-memory.dmp
memory/4116-128-0x00000000073F0000-0x0000000007420000-memory.dmp
memory/4116-129-0x0000000009320000-0x0000000009436000-memory.dmp
memory/4116-130-0x0000000003BF0000-0x0000000003C00000-memory.dmp
memory/4116-131-0x0000000003BF0000-0x0000000003C00000-memory.dmp
memory/4116-132-0x000000000E100000-0x000000000E13E000-memory.dmp
memory/4116-133-0x0000000003BF0000-0x0000000003C00000-memory.dmp
memory/4116-134-0x0000000003BF0000-0x0000000003C00000-memory.dmp
memory/4116-135-0x0000000003BF0000-0x0000000003C00000-memory.dmp