67551a4e17c6c827c6ba7190610c915744539597eaf900dc42abb6e855a60228

Analysis

max time kernel
310s
max time network
1822s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
11/10/2023, 22:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OktaADAgentSetup-3.16.0-1002-8f97b11.exe
Size

5.2MB
MD5

bd30c17435034fa907c6985922bda384
SHA1

2ca4f0b5bf032d3dc4ea8d87ff2b719b8987bed7
SHA256

67551a4e17c6c827c6ba7190610c915744539597eaf900dc42abb6e855a60228
SHA512

b6ce4de4fedabe1077dea7ef33661607c40f1c366ad204192fb571c7973c03fdbc44f2604773f2cc2c8686700979ebce2aaba845bca96c08a625ae915c67b062
SSDEEP

98304:key6GpGEFmZrrN+8a/Kts4sWAhay+pWNkXtEjIt24pTyGU73Yb:ke6pGEFarrMj/Os4u7ackttLiq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1316	OktaADAgentSetup-3.16.0-1002-8f97b11.exe
1316	OktaADAgentSetup-3.16.0-1002-8f97b11.exe
1316	OktaADAgentSetup-3.16.0-1002-8f97b11.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OktaADAgentSetup-3.16.0-1002-8f97b11.exe
"C:\Users\Admin\AppData\Local\Temp\OktaADAgentSetup-3.16.0-1002-8f97b11.exe"
1⤵
- Loads dropped DLL
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\76D7B914\_Setup.dll

Filesize
438KB

MD5
8471dd0d18f38449d30250a96cb8676c

SHA1
ac0a51e4be9056ac49932add09fa5c777bfecb25

SHA256
41d85d7fef55749d8b92a49c90136c1af5ca111124b792a2b4fd1764ddd55dc6

SHA512
8145761d381de427a707fbeb5038206c52a3a1d10395ed4eda602460b9c1cc55dafbd055ad5b165af704df9eaf5943edb0deca7e1dbcde148bf75bad2f55fa56

Download Submit
\Users\Admin\AppData\Local\Temp\76D7B914\_Setupx.dll

Filesize
104KB

MD5
6e905ffbbe3ad1ce34da3b9e6a49a335

SHA1
fe7a2e68f0bc3945b1610eca92dfbd51345b4fa3

SHA256
1059650317e9715435ffb0288681e59a90eed52d1e6933ecd0ecbdb4f5606c55

SHA512
7a40e87f04f5ff79fed670d9900eb95517bf21e205abdb8245413f0db2e28cc80d72235bc2e1019f094ea5d2a6e77c3a37db10f4c7ab53a29d5c7c46a1b7204d

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu53C578CA.dll

Filesize
501KB

MD5
3edec4f51bc3b5cf4f3155a184a89dbc

SHA1
dee4917ceb619c95585a42b2dd78ba357d784666

SHA256
f6382b0f800ce9b12e18cfe4c7ab8633d9e23097930f9eb143a642a91bd02b47

SHA512
8cee629cbab43c173c1d8a5c5793493adf596a525bf1b5d5888bafa75fa1904101d34f51d47bc05c02917e224d98631f3da9e3bda87e4018c2f55f3f8d699ef2

Download Submit