Overview

overview

10

Static

static

3

ORDERN.F1676.23.exe

windows7-x64

10

ORDERN.F1676.23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    17s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2023 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ORDERN.F1676.23.exe

  • Size

    800KB

  • MD5

    48f3c7c07b24927689c8de637ee7b567

  • SHA1

    47adfbcf07c63668c020c3f0c49a35668ec65a75

  • SHA256

    18823ee2c8f0eb332d3519eb7bad50124ddaab05364eaf1f4cbf26efa846f33a

  • SHA512

    e23fdc41a5e8ee6e3824ca7e4c338e0f9d6a336b81fc0d594d619ebae3a0a428d6d96557bcbc1e0acbd79e08934f56da836314786d7aa6beb5eafba5ef791ee4

  • SSDEEP

    12288:0dKE6jD/62iNG5nF8BZlfr5Syj74fK9UrAfZRqusn9DwqoPLwbVl335kypwbfest:0dKtD/61Ic3FyrABRi9UqBDH5luGC

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ORDERN.F1676.23.exe
    "C:\Users\Admin\AppData\Local\Temp\ORDERN.F1676.23.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\THfPxk.exe"
      2⤵
        PID:2964
      • C:\Users\Admin\AppData\Local\Temp\ORDERN.F1676.23.exe
        "C:\Users\Admin\AppData\Local\Temp\ORDERN.F1676.23.exe"
        2⤵
          PID:2828
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\THfPxk" /XML "C:\Users\Admin\AppData\Local\Temp\tmp52D1.tmp"
          2⤵
          • Creates scheduled task(s)
          PID:2592

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\tmp52D1.tmp
        Filesize

        1KB

        MD5

        b0eaa09f855df334c2ab7150e6225a6c

        SHA1

        57dc4b15cd434db379080110ea7ef6142be13c86

        SHA256

        0a3bbb7db72bd2dcd089477c5d74d1b981e14706c8f4b7db31d7315e25b6f000

        SHA512

        3e54d65bc984093b0b0f561cd5577b568818fe8df40ae13c95b12e08fbf9fa4f0e1aa0f75688a215e00b1989b938e6353b7387cc56edc3cd97816dca405d1b13

        Download Submit

      • memory/2328-24-0x00000000748D0000-0x0000000074FBE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2328-1-0x00000000748D0000-0x0000000074FBE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2328-2-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2328-3-0x0000000000A60000-0x0000000000A78000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2328-5-0x0000000000AC0000-0x0000000000ACA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2328-4-0x0000000000950000-0x0000000000958000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2328-6-0x00000000052D0000-0x000000000534A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/2328-0-0x00000000012F0000-0x00000000013BE000-memory.dmp

        Filesize

        824KB

        Download

      • memory/2828-22-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-25-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-34-0x0000000072AD0000-0x00000000731BE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2828-35-0x0000000000560000-0x00000000005A0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2828-14-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-29-0x0000000000560000-0x00000000005A0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2828-15-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-16-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-17-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-28-0x0000000072AD0000-0x00000000731BE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2828-20-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2828-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2964-33-0x000000006EC90000-0x000000006F23B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2964-26-0x000000006EC90000-0x000000006F23B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2964-27-0x000000006EC90000-0x000000006F23B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2964-30-0x0000000002980000-0x00000000029C0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2964-31-0x0000000002980000-0x00000000029C0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2964-32-0x0000000002980000-0x00000000029C0000-memory.dmp

        Filesize

        256KB

        Download