Malware Analysis Report

2025-05-28 16:27

Sample ID 230715-xcg48sce2w
Target ModernUI.exe
SHA256 7a3a26888d8d3ca348688acef199fb03d50101c850aff6aaa4fa04b734c59afe
Tags: agilenet agenttesla keylogger spyware stealer trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

7a3a26888d8d3ca348688acef199fb03d50101c850aff6aaa4fa04b734c59afe

Threat Level: Known bad

The file ModernUI.exe was found to be: Known bad.

Malicious Activity Summary

agilenet agenttesla keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Analysis: static1

Detonation Overview

Reported

2023-07-15 18:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-15 18:42

Reported

2023-07-15 18:45

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ModernUI.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Obfuscated with Agile.Net obfuscator

Tags: agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ModernUI.exe

"C:\Users\Admin\AppData\Local\Temp\ModernUI.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 32.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
NL 2.19.194.32:443 assets.msn.com tcp
US 8.8.8.8:53 32.194.19.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 216.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

memory/2920-134-0x0000000000C20000-0x0000000000EDC000-memory.dmp

memory/2920-133-0x0000000074AE0000-0x0000000075290000-memory.dmp

memory/2920-135-0x0000000005A10000-0x0000000005A20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\65292B6E.dll

MD5 bbff075e8259c000a248f31ff19b1957
SHA1 a15b04799274ce24e6a07393c136ddadd8369078
SHA256 a1acb0455703ab9d3e81b11b6d6cc6afde3b6c4df5c1e46d37ff54e17e4898cc
SHA512 825fb71efc7f8f23332a27cca545066404fec27b147f436122f0bf76395e51dd5636348253048bf2efd6a7f58c4cc373028d7cba4d2077d7362e6e477e001bd0

memory/2920-141-0x0000000005C20000-0x0000000005E12000-memory.dmp

memory/2920-143-0x00000000032A0000-0x00000000032A1000-memory.dmp

memory/2920-144-0x00000000032A0000-0x00000000032A1000-memory.dmp

memory/2920-146-0x000000000C260000-0x000000000C804000-memory.dmp

memory/2920-147-0x0000000008930000-0x00000000089C2000-memory.dmp

memory/2920-148-0x00000000083A0000-0x00000000083AA000-memory.dmp

memory/2920-149-0x0000000005A10000-0x0000000005A20000-memory.dmp

memory/2920-150-0x0000000005A10000-0x0000000005A20000-memory.dmp

memory/2920-151-0x0000000074AE0000-0x0000000075290000-memory.dmp

memory/2920-152-0x0000000005A10000-0x0000000005A20000-memory.dmp

memory/2920-153-0x00000000032A0000-0x00000000032A1000-memory.dmp

memory/2920-154-0x0000000005A10000-0x0000000005A20000-memory.dmp

memory/2920-155-0x0000000005A10000-0x0000000005A20000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-15 18:42

Reported

2023-07-15 18:45

Platform

win7-20230712-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ModernUI.exe"

Signatures

AgentTesla

Tags: keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Obfuscated with Agile.Net obfuscator

Tags: agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ModernUI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ModernUI.exe

"C:\Users\Admin\AppData\Local\Temp\ModernUI.exe"

Network

N/A

Files

memory/2368-54-0x0000000074980000-0x000000007506E000-memory.dmp

memory/2368-53-0x0000000001330000-0x00000000015EC000-memory.dmp

memory/2368-55-0x0000000004AF0000-0x0000000004B30000-memory.dmp

memory/2368-61-0x0000000004F60000-0x0000000005152000-memory.dmp

\Users\Admin\AppData\Local\Temp\65292B6E.dll

MD5 bbff075e8259c000a248f31ff19b1957
SHA1 a15b04799274ce24e6a07393c136ddadd8369078
SHA256 a1acb0455703ab9d3e81b11b6d6cc6afde3b6c4df5c1e46d37ff54e17e4898cc
SHA512 825fb71efc7f8f23332a27cca545066404fec27b147f436122f0bf76395e51dd5636348253048bf2efd6a7f58c4cc373028d7cba4d2077d7362e6e477e001bd0

memory/2368-63-0x0000000004AF0000-0x0000000004B30000-memory.dmp

memory/2368-65-0x0000000004AF0000-0x0000000004B30000-memory.dmp

memory/2368-64-0x0000000004AF0000-0x0000000004B30000-memory.dmp

memory/2368-66-0x00000000007D0000-0x00000000007D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\65292B6E.dll

MD5 bbff075e8259c000a248f31ff19b1957
SHA1 a15b04799274ce24e6a07393c136ddadd8369078
SHA256 a1acb0455703ab9d3e81b11b6d6cc6afde3b6c4df5c1e46d37ff54e17e4898cc
SHA512 825fb71efc7f8f23332a27cca545066404fec27b147f436122f0bf76395e51dd5636348253048bf2efd6a7f58c4cc373028d7cba4d2077d7362e6e477e001bd0

memory/2368-68-0x00000000067E0000-0x00000000069C0000-memory.dmp

memory/2368-69-0x0000000006EF0000-0x00000000070E6000-memory.dmp

memory/2368-70-0x00000000070F0000-0x00000000074F6000-memory.dmp

memory/2368-71-0x0000000004AF0000-0x0000000004B30000-memory.dmp

memory/2368-72-0x0000000074980000-0x000000007506E000-memory.dmp

memory/2368-73-0x0000000004AF0000-0x0000000004B30000-memory.dmp