Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

10015520.exe

windows7-x64

10

10015520.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10015520.exe

  • Size

    638KB

  • MD5

    ca3ba834efe42b9989c0625aadfa1071

  • SHA1

    d3c607a510e8e45e5e74c58de3da6a8b0946b6f0

  • SHA256

    d8204ac509d07bf3dd4113684775ceb188ca79a9d77965a3f31911bb3bdf093d

  • SHA512

    adaac20d33fd1b9ce66b0790edf8351d1ebb3fe5e36eb9d59420cda70eb132980e1442ab295af88cc2fe612d2f7827c32c84f4e87f92145e8f2c8226873f9466

  • SSDEEP

    12288:xvodG6hpxamLP2YGidPz4GOQ5lz2qE35i83DrQkFXaC2F:xvolhabWxAJ53DrQ+e

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10015520.exe
    "C:\Users\Admin\AppData\Local\Temp\10015520.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Users\Admin\AppData\Local\Temp\10015520.exe
      "C:\Users\Admin\AppData\Local\Temp\10015520.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/688-8-0x0000000005A80000-0x0000000005A96000-memory.dmp

    Filesize

    88KB

    Download

  • memory/688-10-0x0000000006BB0000-0x0000000006C2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/688-2-0x0000000000AE0000-0x0000000000B86000-memory.dmp

    Filesize

    664KB

    Download

  • memory/688-9-0x0000000001210000-0x0000000001220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/688-4-0x00000000055E0000-0x0000000005672000-memory.dmp

    Filesize

    584KB

    Download

  • memory/688-5-0x00000000055D0000-0x00000000055E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/688-6-0x00000000055D0000-0x00000000055E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/688-7-0x00000000059C0000-0x00000000059CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/688-1-0x0000000075120000-0x00000000758D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/688-0-0x0000000075120000-0x00000000758D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/688-3-0x0000000005AF0000-0x0000000006094000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/688-11-0x000000000A610000-0x000000000A6AC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/688-16-0x0000000075120000-0x00000000758D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4632-13-0x0000000075120000-0x00000000758D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4632-15-0x0000000005470000-0x0000000005480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4632-12-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/4632-17-0x0000000005580000-0x00000000055E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4632-18-0x0000000075120000-0x00000000758D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4632-19-0x0000000005470000-0x0000000005480000-memory.dmp

    Filesize

    64KB

    Download