20f69fc0609c1493ee81aba90a2b8fc856b80a9ae0967f73bfba405ae18aacd0

Analysis

max time kernel
61s
max time network
19s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 14:10

Target

xavHub.exe
Size

5.0MB
MD5

606cdb97c475ca7cb02419294d1b8325
SHA1

20b51d428e9a2ee185333f16c991c6ea4ea4e9c2
SHA256

1eaefc8ee0bd10dc4fbe069f739e8a147baf8b4452d6511b1ee802c761c24077
SHA512

6bc4779058531e1e8724828235bde26f74e2c27b981134dac68dbdab3c8cd847517dde29c4957b96dd0231367931d24352cef7fa465755a37c5b6d3247da6b03
SSDEEP

98304:IzjuCvE/t7ZCWqrxToDqMZxNVigngWBCUY9rF5OfTdn2603Irj5W94z9OUSa:fJ/tVrMt4qMZxNoggICUurF5OWydW94O

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
behavioral1/memory/2896-57-0x00000000068C0000-0x0000000006A7E000-memory.dmp	agile_net
behavioral1/memory/2896-58-0x0000000006D50000-0x0000000006E9A000-memory.dmp	agile_net

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	2896	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 3048	2896	xavHub.exe	28
PID 2896 wrote to memory of 3048	2896	xavHub.exe	28
PID 2896 wrote to memory of 3048	2896	xavHub.exe	28
PID 2896 wrote to memory of 3048	2896	xavHub.exe	28

C:\Users\Admin\AppData\Local\Temp\xavHub.exe
"C:\Users\Admin\AppData\Local\Temp\xavHub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1064
  2⤵
  - Program crash
  PID:3048

memory/2896-53-0x0000000000060000-0x0000000000560000-memory.dmp

Filesize
5.0MB

Download
memory/2896-54-0x00000000746E0000-0x0000000074DCE000-memory.dmp

Filesize
6.9MB

Download
memory/2896-55-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-56-0x00000000054E0000-0x00000000058B6000-memory.dmp

Filesize
3.8MB

Download
memory/2896-57-0x00000000068C0000-0x0000000006A7E000-memory.dmp

Filesize
1.7MB

Download
memory/2896-58-0x0000000006D50000-0x0000000006E9A000-memory.dmp

Filesize
1.3MB

Download
memory/2896-59-0x0000000002330000-0x0000000002354000-memory.dmp

Filesize
144KB

Download
memory/2896-60-0x0000000006B80000-0x0000000006BB0000-memory.dmp

Filesize
192KB

Download
memory/2896-61-0x0000000007930000-0x0000000007A46000-memory.dmp

Filesize
1.1MB

Download
memory/2896-62-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-63-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-64-0x00000000746E0000-0x0000000074DCE000-memory.dmp

Filesize
6.9MB

Download
memory/2896-65-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-66-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-67-0x0000000004DE0000-0x0000000004E20000-memory.dmp

Filesize
256KB

Download
memory/2896-68-0x00000000746E0000-0x0000000074DCE000-memory.dmp

Filesize
6.9MB

Download