2121dd17a15c940eb55be2582dab5a255ea099c56ef41c1440270380bfa6842a

Analysis

max time kernel
32s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-05-2023 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InstAccountsManager/InstAccountsManager.exe
Size

8.9MB
MD5

c94f968c8e7689a38be85b033ff90bc5
SHA1

b5e286bffa6d5df84a4d712329152a2fa3bf8271
SHA256

53944e8f2430803db6e6bbb25c22fde5280977cb3d5675a2820bc342402f788c
SHA512

ebb07126499a081191f827aebbf14bd6361597176f5f08a6b46b82263c37cc94a2a444011c466f105e25a8dbed4ff802c26363fbeaa0310d9353b120d2bc8e56
SSDEEP

49152:V0nKPEcDfbqyz9aUgpdhJvNy/MQHcAoIAM:V0KFDWU9lgzhFUX

Score

8^/10

agilenet

Malware Config

Signatures

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral5/memory/1424-63-0x000000001FAB0000-0x000000001FC5A000-memory.dmp	agile_net

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

InstAccountsManager.exe

pid process

1424 InstAccountsManager.exe
1424 InstAccountsManager.exe

pid	process
1424	InstAccountsManager.exe
1424	InstAccountsManager.exe

C:\Users\Admin\AppData\Local\Temp\InstAccountsManager\InstAccountsManager.exe
"C:\Users\Admin\AppData\Local\Temp\InstAccountsManager\InstAccountsManager.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1424-54-0x0000000000F50000-0x000000000184A000-memory.dmp

Filesize
9.0MB

Download
memory/1424-55-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-56-0x0000000000440000-0x000000000045C000-memory.dmp

Filesize
112KB

Download
memory/1424-57-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-58-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-59-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-63-0x000000001FAB0000-0x000000001FC5A000-memory.dmp

Filesize
1.7MB

Download
memory/1424-65-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/1424-66-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/1424-68-0x000000001B310000-0x000000001B3BA000-memory.dmp

Filesize
680KB

Download
memory/1424-69-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-70-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-71-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-72-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-73-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1424-74-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/1424-75-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/1424-76-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/1424-77-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download