Analysis
max time kernel: 1772s
max time network: 1168s
platform: windows10-2004_x64
resource: win10v2004-20230915-es
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 13/10/2023, 01:58
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: MythicalLauncher.exe
Resource: win10v2004-20230915-es
2 signatures
1800 seconds
General
Target: MythicalLauncher.exe
Size: 11.4MB
MD5: b33a49e80dbccc8499dfabfa247b289f
SHA1: f7077e74ea42448907d7a43506009c5538c29bcb
SHA256: 77a9093ff3712bac83a45a20a6989539cddae0c2b04d02d135fd3cf503b8814c
SHA512: 4c1dcd0597b76eadd26f0f73d1adf0183fe69a3e6906e1f4b070b7898c905e64560355db8667be0c1b2c64c7e7359d372c177da3e050bd0d16383d9e749bd507
SSDEEP: 196608:Kbal3uBNNkFOS1ayTYNkFOS1ayTeRJ/tVrMt4qerc+ICwWPX3tnMfY4h2kSIrW:Fl3ytTyitTyyDEW3rc7Cwitch2kSe
Score: 7/10
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (2 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
    resource: behavioral1/memory/3200-8-0x0000000006630000-0x0000000006644000-memory.dmp    yara_rule: agile_net
    resource: behavioral1/memory/3200-12-0x0000000007330000-0x000000000747A000-memory.dmp    yara_rule: agile_net

Program crash (2 IoCs)
    pid: 3784    pid_target: 3200    Process: WerFault.exe    procid_target: 84
    pid: 3612    pid_target: 3200    Process: WerFault.exe    procid_target: 84
Processes
C:\Users\Admin\AppData\Local\Temp\MythicalLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\MythicalLauncher.exe"
PID: 3200

    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 1388
    Program crash
    PID: 3784

    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 1388
    Program crash
    PID: 3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3200 -ip 3200
PID: 2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3200 -ip 3200
PID: 4236