2121dd17a15c940eb55be2582dab5a255ea099c56ef41c1440270380bfa6842a

Analysis

max time kernel
95s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2023 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InstAccountsManager/InstAccountsManager.exe
Size

8.9MB
MD5

c94f968c8e7689a38be85b033ff90bc5
SHA1

b5e286bffa6d5df84a4d712329152a2fa3bf8271
SHA256

53944e8f2430803db6e6bbb25c22fde5280977cb3d5675a2820bc342402f788c
SHA512

ebb07126499a081191f827aebbf14bd6361597176f5f08a6b46b82263c37cc94a2a444011c466f105e25a8dbed4ff802c26363fbeaa0310d9353b120d2bc8e56
SSDEEP

49152:V0nKPEcDfbqyz9aUgpdhJvNy/MQHcAoIAM:V0KFDWU9lgzhFUX

Score

8^/10

agilenet

Malware Config

Signatures

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral6/memory/2948-144-0x000001C3F1410000-0x000001C3F15BA000-memory.dmp	agile_net

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

InstAccountsManager.exe

pid process

2948 InstAccountsManager.exe
2948 InstAccountsManager.exe

pid	process
2948	InstAccountsManager.exe
2948	InstAccountsManager.exe

C:\Users\Admin\AppData\Local\Temp\InstAccountsManager\InstAccountsManager.exe
"C:\Users\Admin\AppData\Local\Temp\InstAccountsManager\InstAccountsManager.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-133-0x000001C3D33C0000-0x000001C3D3CBA000-memory.dmp

Filesize
9.0MB

Download
memory/2948-134-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-135-0x000001C3D4110000-0x000001C3D412C000-memory.dmp

Filesize
112KB

Download
memory/2948-136-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-137-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-138-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-139-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-140-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-144-0x000001C3F1410000-0x000001C3F15BA000-memory.dmp

Filesize
1.7MB

Download
memory/2948-145-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-147-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-148-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-149-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-152-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-151-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-153-0x000001C3F1340000-0x000001C3F13EA000-memory.dmp

Filesize
680KB

Download
memory/2948-154-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-155-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-156-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-157-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-158-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download
memory/2948-159-0x000001C3D4000000-0x000001C3D4010000-memory.dmp

Filesize
64KB

Download