Analysis
max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
submitted
05/07/2023, 19:40
Behavioral task
behavioral1
Sample
ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529.exe
Resource
win10v2004-20230703-en
General
Target
ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529.exe
Size
3.1MB
MD5
06a400350f54e5786e66b8888ebb5134
SHA1
eecf04f948de8e3ad77051ff57bb122663d53a00
SHA256
ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529
SHA512
d49573e68457a569ca250e1fe420a3905bdc9736d3c61e81ade39f4b0b46e18aeaa1c1fee2f7e3ff5538de79929292c4c073d214494976d235f132426e4a1450
SSDEEP
24576:kvx61kbhD0Jmz883vnWb4767zzgo6dZsGNyNlyarXweF6INcvEgIE2LpgL:kvxSk50Qzv3vnWb476BgZZiprXwcjr5w
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule
behavioral1/memory/2256-54-0x0000000000400000-0x0000000000722000-memory.dmp agile_net
behavioral1/memory/2256-55-0x0000000000400000-0x0000000000722000-memory.dmp agile_net
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
2256 ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529.exe
2256 ba081a6c27f67387e65c925040e59c491e9050cd9d1cbeed0ae3111a8ce91529.exe