Analysis
max time kernel: 359s
max time network: 360s
platform: windows7_x64
resource: win7-20231129-ja
resource tags: arch:x64 arch:x86 image:win7-20231129-ja locale:ja-jp os:windows7-x64 system windows
submitted: 06-12-2023 11:37
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: LAZONE.exe
  Resource: win7-20231129-ja (windows7-x64)
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: LAZONE.exe
  Resource: win10v2004-20231130-ja (windows10-2004-x64)
  4 signatures, 150 seconds
General
Target: LAZONE.exe
Size: 3.2MB
MD5: 5bcc80236183d7afb6ba78d532177591
SHA1: da5a82b133187b52451769a2d3a117fe339aead8
SHA256: ac11f5fb4ba0171617515f053860d994ac273954c1322b91858ea85ee2ee5a84
SHA512: c219af3938e9f1bd5e9eef71616fff8eed2ca4316b19f4f2056a66150b04cb02a7cd9153eeb736207878f965233268f0fe43d696c0a36b1f876398b82fee17de
SSDEEP: 98304:YK6jmkyr1UrBGgNexQIT4bNJFY3OqtHWMkQ:YHLy2I2jBHY3WY
Score: 10/10
Malware Config
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload (2 IoCs)
Processes:
resource                                                                    yara_rule
behavioral1/memory/1692-3-0x000000001B6B0000-0x000000001B8C4000-memory.dmp  family_agenttesla
behavioral1/memory/1692-9-0x00000000005B0000-0x0000000000630000-memory.dmp  family_agenttesla

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: LAZONE.exe
description        ioc                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    LAZONE.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  LAZONE.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion       LAZONE.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: LAZONE.exe
description              pid   process
Token: SeDebugPrivilege  1692  LAZONE.exe