Analysis
- max time kernel: 150s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 15/07/2023, 18:42
Static task: static1
Behavioral task: behavioral1
- Sample: ModernUI.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: ModernUI.exe
- Resource: win10v2004-20230703-en
General
- Target: ModernUI.exe
- Size: 2.7MB
- MD5: 08fe37a493d41c6cc5ed5187c9a00b82
- SHA1: 524a65c68a967e1eda721aef51dcea67157a6563
- SHA256: 7a3a26888d8d3ca348688acef199fb03d50101c850aff6aaa4fa04b734c59afe
- SHA512: 7c6929fe2051d1dad9bdd0bb771be31b787247798533fa5233fa45c3f55fa2beaf7d60d8621ae8f6a0adaa8570825dab399bbcc1a3ce0cdb46b20078b3d0ed76
- SSDEEP: 49152:JOoKvLM15NNkZgyPS8+jbNZ3u5DE07HH+h9gJapSXMZihNO64gwwQz+5/QlpA4B4:JOoGLW3ktPS8+1Ze5Q0z+hyapTJPgwwl
Malware Config
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload 1 IoCs
  resource  yara_rule
  behavioral1/memory/2368-69-0x0000000006EF0000-0x00000000070E6000-memory.dmp  family_agenttesla
- Loads dropped DLL 2 IoCs
  pid   Process
  2368  ModernUI.exe
  2368  ModernUI.exe
- Obfuscated with Agile.Net obfuscator 5 IoCs
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource  yara_rule
  behavioral1/memory/2368-61-0x0000000004F60000-0x0000000005152000-memory.dmp  agile_net
  behavioral1/files/0x0009000000012023-59.dat  agile_net
  behavioral1/files/0x0009000000012023-58.dat  agile_net
  behavioral1/memory/2368-63-0x0000000004AF0000-0x0000000004B30000-memory.dmp  agile_net
  behavioral1/files/0x0009000000012023-67.dat  agile_net
- Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  pid   Process
  2368  ModernUI.exe  (the same entry is listed 64 times in the report)
- Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                  Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    ModernUI.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer ModernUI.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion      ModernUI.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
  description              pid   Process
  Token: SeDebugPrivilege  2368  ModernUI.exe
- Suspicious use of SetWindowsHookEx 2 IoCs
  pid   Process
  2368  ModernUI.exe
  2368  ModernUI.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize: 925KB
MD5: bbff075e8259c000a248f31ff19b1957
SHA1: a15b04799274ce24e6a07393c136ddadd8369078
SHA256: a1acb0455703ab9d3e81b11b6d6cc6afde3b6c4df5c1e46d37ff54e17e4898cc
SHA512: 825fb71efc7f8f23332a27cca545066404fec27b147f436122f0bf76395e51dd5636348253048bf2efd6a7f58c4cc373028d7cba4d2077d7362e6e477e001bd0