Overview

overview

10

Static

static

10

antagaonist.exe

windows7-x64

7

antagaonist.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    antagaonist.exe

  • Size

    14.4MB

  • MD5

    7fd7835215946026612456572996b4a4

  • SHA1

    64b5f2d6a5fd2a36e70436af29deae0ceafbb457

  • SHA256

    6bbd73fb9dbfa61e7e17f94f19087009bdeed47619c7fcdaa790afbd82f020fa

  • SHA512

    d88e622f96631e639f44b516f3c89f1c3547840a3091b3535e0baed921e81e42d37ad1848732e79580ca3cf4347b83a1102678e45474692f3ddc19507f04886f

  • SSDEEP

    393216:/X7QMidQuslSq99oWOv+9fgTz+qk7/MOw:/LQ3dQuSDorvSYTz+b/A

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 46 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\antagaonist.exe
    "C:\Users\Admin\AppData\Local\Temp\antagaonist.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Users\Admin\AppData\Local\Temp\antagaonist.exe
      "C:\Users\Admin\AppData\Local\Temp\antagaonist.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:5060
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "tasklist"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2052
    • C:\Windows\system32\tasklist.exe
      tasklist
      1⤵
      • Enumerates processes with tasklist
      • Suspicious use of AdjustPrivilegeToken
      PID:5104

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI46322\_uuid.pyd
      Filesize

      23KB

      MD5

      041556420bdb334a71765d33229e9945

      SHA1

      0122316e74ee4ada1ce1e0310b8dca1131972ce1

      SHA256

      8b3d4767057c18c1c496e138d4843f25e5c98ddfc6a8d1b0ed46fd938ede5bb6

      SHA512

      18da574b362726ede927d4231cc7f2aebafbaaab47df1e31b233f7eda798253aef4c142bed1a80164464bd629015d387ae97ba36fcd3cedcfe54a5a1e5c5caa3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\crcook.txt
      Filesize

      29B

      MD5

      155ea3c94a04ceab8bd7480f9205257d

      SHA1

      b46bbbb64b3df5322dd81613e7fa14426816b1c1

      SHA256

      445e2bcecaa0d8d427b87e17e7e53581d172af1b9674cf1a33dbe1014732108b

      SHA512

      3d47449da7c91fe279217a946d2f86e5d95d396f53b55607ec8aca7e9aa545cfaf9cb97914b643a5d8a91944570f9237e18eecec0f1526735be6ceee45ecba05

      Download Submit