Overview

overview

10

Static

static

3

LAZONE.exe

windows7-x64

10

LAZONE.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    359s
  • max time network
    360s
  • platform
    windows7_x64
  • resource
    win7-20231129-ja
  • resource tags

    arch:x64arch:x86image:win7-20231129-jalocale:ja-jpos:windows7-x64systemwindows
  • submitted
    06-12-2023 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LAZONE.exe

  • Size

    3.2MB

  • MD5

    5bcc80236183d7afb6ba78d532177591

  • SHA1

    da5a82b133187b52451769a2d3a117fe339aead8

  • SHA256

    ac11f5fb4ba0171617515f053860d994ac273954c1322b91858ea85ee2ee5a84

  • SHA512

    c219af3938e9f1bd5e9eef71616fff8eed2ca4316b19f4f2056a66150b04cb02a7cd9153eeb736207878f965233268f0fe43d696c0a36b1f876398b82fee17de

  • SSDEEP

    98304:YK6jmkyr1UrBGgNexQIT4bNJFY3OqtHWMkQ:YHLy2I2jBHY3WY

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LAZONE.exe
    "C:\Users\Admin\AppData\Local\Temp\LAZONE.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-0-0x0000000000DD0000-0x00000000010FC000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1692-1-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1692-2-0x00000000005B0000-0x0000000000630000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1692-3-0x000000001B6B0000-0x000000001B8C4000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1692-4-0x00000000005B0000-0x0000000000630000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1692-5-0x000000001B490000-0x000000001B530000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1692-6-0x000000001AFA0000-0x000000001AFC6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1692-7-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1692-8-0x00000000005B0000-0x0000000000630000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1692-9-0x00000000005B0000-0x0000000000630000-memory.dmp

    Filesize

    512KB

    Download