56fbcb8ce4617354524d35e88a84d65b5dbd6e7beb331ba6de49e2796e9290a6

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70cce5ab2fcc23f84d75333eb4b5986a.exe
Size

5.1MB
MD5

70cce5ab2fcc23f84d75333eb4b5986a
SHA1

8f98aea94726cc833e530407fe8d4d3bcf77455b
SHA256

56fbcb8ce4617354524d35e88a84d65b5dbd6e7beb331ba6de49e2796e9290a6
SHA512

98602c1ef8674b78c27363108a21d1d21386719d612a9f1f6cc53f1349f061878bdf048822aca4b5c136a283638208382b69f61a00f35f16c64cf11583c8d876
SSDEEP

98304:KYap3MQjKPSKPn0mjEMRoRheiRffzt9eWBmDDGgpDh4L4M:KYaFMQGPHPzEOcU4pcWBeqgjq4M

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1040	70cce5ab2fcc23f84d75333eb4b5986a.exe

Obfuscated with Agile.Net obfuscator 34 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/memory/1040-0-0x000001FAEAAF0000-0x000001FAEB00A000-memory.dmp	agile_net
behavioral2/memory/1040-3-0x000001FAED6C0000-0x000001FAED88E000-memory.dmp	agile_net
behavioral2/memory/1040-12-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-11-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-14-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-16-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-18-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-20-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-22-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-24-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-26-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-28-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-30-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-32-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-34-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-36-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-38-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-40-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-42-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-44-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-46-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-48-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-50-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-52-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-54-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-56-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-58-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-60-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-62-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-64-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-66-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-68-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-70-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net
behavioral2/memory/1040-72-0x000001FAED6C0000-0x000001FAED889000-memory.dmp	agile_net

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1040	70cce5ab2fcc23f84d75333eb4b5986a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1040	70cce5ab2fcc23f84d75333eb4b5986a.exe

C:\Users\Admin\AppData\Local\Temp\70cce5ab2fcc23f84d75333eb4b5986a.exe
"C:\Users\Admin\AppData\Local\Temp\70cce5ab2fcc23f84d75333eb4b5986a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a79fb50a-6ff8-4250-a55d-75f9f84269a8\AgileDotNetRT64.dll

Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
memory/1040-38-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-42-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-44-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-1-0x00007FFDD3740000-0x00007FFDD4201000-memory.dmp

Filesize
10.8MB

Download
memory/1040-10-0x00007FFDD1FF0000-0x00007FFDD213E000-memory.dmp

Filesize
1.3MB

Download
memory/1040-12-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-11-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-14-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-16-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-18-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-20-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-22-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-24-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-26-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-28-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-30-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-32-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-34-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-36-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-0-0x000001FAEAAF0000-0x000001FAEB00A000-memory.dmp

Filesize
5.1MB

Download
memory/1040-2-0x000001FAED5C0000-0x000001FAED5D0000-memory.dmp

Filesize
64KB

Download
memory/1040-40-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-3-0x000001FAED6C0000-0x000001FAED88E000-memory.dmp

Filesize
1.8MB

Download
memory/1040-46-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-48-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-50-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-52-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-54-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-56-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-58-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-60-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-62-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-64-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-66-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-68-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-70-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-72-0x000001FAED6C0000-0x000001FAED889000-memory.dmp

Filesize
1.8MB

Download
memory/1040-2304-0x00007FFDD3740000-0x00007FFDD4201000-memory.dmp

Filesize
10.8MB

Download
memory/1040-11446-0x000001FAED5C0000-0x000001FAED5D0000-memory.dmp

Filesize
64KB

Download
memory/1040-11447-0x000001FAED5C0000-0x000001FAED5D0000-memory.dmp

Filesize
64KB

Download
memory/1040-11448-0x000001FAED5C0000-0x000001FAED5D0000-memory.dmp

Filesize
64KB

Download
memory/1040-11449-0x000001FAED5C0000-0x000001FAED5D0000-memory.dmp

Filesize
64KB

Download