27ee59c2aa3a020f2966d4946845edf9449e9f2e2ce5fdccbfe31fb2ba5d69d7

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe
Size

3.8MB
MD5

7c3a6e3b8468a9ce9aa21b8afc140473
SHA1

9f2bae4257e6509e7aa467a623786a0c0b10a8c8
SHA256

bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78
SHA512

df1172cdecbdfafe76db72244fa1b20ac5cca40ac596ae6157d1784c2890d5198bfbeba243a05a13e550ef3429f05670c065f2fc281f90df7973fe4e042e00e6
SSDEEP

98304:D7YlmkAB4MGZEmWAqG26XQ3hOeMP+pgODgRJCMwWtca4EOKKv1GeE2nMJrOlaN60:6YB4M4tjeHw4CnBvMB1rtbfhORKkf4CE

Score

7^/10

agilenet

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe

Loads dropped DLL 1 IoCs

pid	Process
2500	bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral15/memory/2500-0-0x0000000000CB0000-0x000000000108E000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe
"C:\Users\Admin\AppData\Local\Temp\bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\32d3d527-47ed-4989-a029-46e317071c31\AgileDotNetRT64.dll

Filesize
1.4MB

MD5
00a0c71dbc43efc7e53eea7243c35538

SHA1
57144dff50f3320eee576810f8770f7dce7ec124

SHA256
ce59eb41a1f5aee393065fecae450e878a4bb83b5662edebfd524a852f0ac515

SHA512
dadfac7fe9ec775ae9773c5e3f5b90af3070709f23b1458e549e21f058688dca4e4d1c3714c9f248031a3aedaff3b50a4d1c592a793640878890b901ce019f34

Download Submit
memory/2500-0-0x0000000000CB0000-0x000000000108E000-memory.dmp

Filesize
3.9MB

Download
memory/2500-1-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download
memory/2500-2-0x000000001B310000-0x000000001B390000-memory.dmp

Filesize
512KB

Download
memory/2500-9-0x000007FEF23F0000-0x000007FEF2802000-memory.dmp

Filesize
4.1MB

Download
memory/2500-11-0x0000000077560000-0x0000000077709000-memory.dmp

Filesize
1.7MB

Download
memory/2500-12-0x000007FEF42B0000-0x000007FEF43DC000-memory.dmp

Filesize
1.2MB

Download
memory/2500-13-0x000007FEF23F0000-0x000007FEF2802000-memory.dmp

Filesize
4.1MB

Download
memory/2500-15-0x0000000077560000-0x0000000077709000-memory.dmp

Filesize
1.7MB

Download
memory/2500-14-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download