Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-03-2024 01:09
Static task: static1
Behavioral task: behavioral1
- Sample: 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe
- Resource: win10v2004-20240226-en
General
- Target: 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe
- Size: 592KB
- MD5: b63b90d3af7597a04d5ffe3d9063c7b8
- SHA1: 321be5044cd8243232920dd34657c0cc4ed8fc0f
- SHA256: 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39
- SHA512: 860ff673136c16c2cee0bf66705fd0342e29fbfa61886a507862d735032fc6d06e96151a491022801fe2981bd90f1b20375c6efa60a1a0a94bad212c57675473
- SSDEEP: 12288:/fNYNjOGJ/USJi02fxLCiWsJBnn43wWuGdj64ZsBLHFz/Hd3t1X:nyNyDSJiJksJBnn7lisBRrhX
Malware Config

Signatures
- Obfuscated with Agile.Net obfuscator (2 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Resources matching yara rule agile_net:
  - behavioral2/memory/2404-6-0x0000021BFBC60000-0x0000021BFBDA0000-memory.dmp
  - behavioral2/files/0x00090000000231ed-11.dat
- Suspicious use of NtSetInformationThreadHideFromDebugger (64 IoCs)
  Processes: PID 2404, 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe (all 64 hits are from this one process)
- Suspicious behavior: EnumeratesProcesses (50 IoCs)
  Processes: PID 2404, 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe (all 50 hits are from this one process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: PID 2404, 2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe, token: SeDebugPrivilege
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe"
  PID: 2404
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 569KB
  MD5: 5991b35b8d42d8c3ad6437c981d08151
  SHA1: bebe225bf296bda4e7f5e1f98995311bb49a8381
  SHA256: a73e34d7fdf69e8e7f3ba45e8801ebd5d00ae008a68c8a20ab753c9e1ee88513
  SHA512: 10a83a6545821a074766b3d2849169bd053e86d5c6dc702de7b9cba8d4545469d22e7634ffbcb9669daec8156c32f65d984f6ecb765de93ca116188927beb87c