Overview

overview

3

Static

static

3

AgentPicker.exe

windows10-2004-x64

1

Resubmissions

03-11-2023 10:23

231103-mexbtsad44 3

03-11-2023 10:18

231103-mb9sragb4s 3

Analysis

  • max time kernel
    158s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2023 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AgentPicker.exe

  • Size

    425KB

  • MD5

    2892f479137e029f844d79da86f7dfbc

  • SHA1

    9215319abf294a17ddb9cb2496c3cdd4b03198dd

  • SHA256

    b16bab869527ccafd8c885928012ffbef102175358ce744e751495029da1ce34

  • SHA512

    5aa6944dfa6247717a306815f609d6c1b34d314ffbf2414a91f8f885fe5f0d120684f4e9de70d50a294ec584f4b110ce783d7fc095fbce28c630953726de5782

  • SSDEEP

    12288:6ZOWaXjETD7VbSfH2ZxTJfSd1z/Me9x6gEJ:4yghbSvwoPTNxfC

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AgentPicker.exe
    "C:\Users\Admin\AppData\Local\Temp\AgentPicker.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Continue Button.ini
    Filesize

    92B

    MD5

    845454c5f1fcd63ad9968685eb37bd63

    SHA1

    500f229cb81da8dcc02aef59184360fccdcd1bbf

    SHA256

    8ff08170c37e6ec2f1c7a6f89161a7bbb8cc1e597e2892c074b428b5b7bfb822

    SHA512

    bd7ff7aac573e933800a0a8b10fa5049407a8b8cef6052d5577091fb50c23f429f7572ccb3e2498249b7d971327a401ab5ae532814c42b6a9c396236596d1df5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ignore.ini
    Filesize

    78B

    MD5

    31300d783a7585fa25c81eb5bdaefffd

    SHA1

    200f9b470f1c215f60a5b7e85f7edf844207a3a3

    SHA256

    75001bd5c0c94d0b65f1e5cb63bbcb9426366609934725741e0c4592b1fa5cb3

    SHA512

    916dc520a3087f87a256c5ed15b4e71ef6aa3adda6b6080bfc20ff3b96739a48e915e77cba2a760b7af7b543a102a77f33b69b025ab527f6073baa495bc490ce

    Download Submit

  • memory/4880-0-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-17-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-18-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-20-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-22-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-23-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4880-24-0x0000000000400000-0x0000000000575000-memory.dmp

    Filesize

    1.5MB

    Download