Analysis
max time kernel: 119s
max time network: 133s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2023, 07:22
Behavioral task: behavioral1
Sample: novapdfs.exe
Resource: win7-20230831-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: novapdfs.exe
Resource: win10v2004-20230915-en
1 signature
150 seconds
General
Target: novapdfs.exe
Size: 56KB
MD5: 87fff70deb3f738a1f3508510a5090af
SHA1: ef6f443b618726153dcd5151ce9c96ab87c0c3f3
SHA256: 71f777d0e779a7bf0da20ebdf3313557bb361f03e1cdddfeb9551939e74d9d90
SHA512: d357103a963fefdf5c11c5a23c6c6fcaffb574f449c579212bb148b8ab2b84303eab1253bd532acc338e6026f08c74251895a7bd036ca667dffac234f1dc43de
SSDEEP: 1536:qAkAFnFilfwQO5Mqm9VdFd19F9Vd0623gRixUqoyihM:qhCFgfwQqhvgRI/7
Score: 7/10
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: behavioral1/memory/2996-2-0x0000000000AD0000-0x0000000000AE0000-memory.dmp
yara_rule: agile_net
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2996 wrote to memory of 2684 | 2996 | novapdfs.exe | 30
PID 2996 wrote to memory of 2684 | 2996 | novapdfs.exe | 30
PID 2996 wrote to memory of 2684 | 2996 | novapdfs.exe | 30