Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 01:09

General

  • Target

    2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe

  • Size

    592KB

  • MD5

    b63b90d3af7597a04d5ffe3d9063c7b8

  • SHA1

    321be5044cd8243232920dd34657c0cc4ed8fc0f

  • SHA256

    2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39

  • SHA512

    860ff673136c16c2cee0bf66705fd0342e29fbfa61886a507862d735032fc6d06e96151a491022801fe2981bd90f1b20375c6efa60a1a0a94bad212c57675473

  • SSDEEP

    12288:/fNYNjOGJ/USJi02fxLCiWsJBnn43wWuGdj64ZsBLHFz/Hd3t1X:nyNyDSJiJksJBnn7lisBRrhX

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe
    "C:\Users\Admin\AppData\Local\Temp\2c0551904aa8a19d6c2e6058b6dba86f9a6638c452887ff19e01abe907afba39.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2404

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1710731C.dll

    Filesize

    569KB

    MD5

    5991b35b8d42d8c3ad6437c981d08151

    SHA1

    bebe225bf296bda4e7f5e1f98995311bb49a8381

    SHA256

    a73e34d7fdf69e8e7f3ba45e8801ebd5d00ae008a68c8a20ab753c9e1ee88513

    SHA512

    10a83a6545821a074766b3d2849169bd053e86d5c6dc702de7b9cba8d4545469d22e7634ffbcb9669daec8156c32f65d984f6ecb765de93ca116188927beb87c

  • memory/2404-12-0x0000021BE1910000-0x0000021BE1916000-memory.dmp

    Filesize

    24KB

  • memory/2404-6-0x0000021BFBC60000-0x0000021BFBDA0000-memory.dmp

    Filesize

    1.2MB

  • memory/2404-14-0x0000021BFBB70000-0x0000021BFBB82000-memory.dmp

    Filesize

    72KB

  • memory/2404-15-0x0000021BFBBD0000-0x0000021BFBC0C000-memory.dmp

    Filesize

    240KB

  • memory/2404-9-0x0000021BE1930000-0x0000021BE1931000-memory.dmp

    Filesize

    4KB

  • memory/2404-10-0x0000021BE1930000-0x0000021BE1936000-memory.dmp

    Filesize

    24KB

  • memory/2404-3-0x00007FFAAFEC0000-0x00007FFAB0981000-memory.dmp

    Filesize

    10.8MB

  • memory/2404-0-0x0000021BE14C0000-0x0000021BE1558000-memory.dmp

    Filesize

    608KB

  • memory/2404-22-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-4-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-8-0x0000021BE1930000-0x0000021BE1931000-memory.dmp

    Filesize

    4KB

  • memory/2404-16-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-17-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-18-0x00007FFAAFEC0000-0x00007FFAB0981000-memory.dmp

    Filesize

    10.8MB

  • memory/2404-19-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-20-0x0000021BE1930000-0x0000021BE1931000-memory.dmp

    Filesize

    4KB

  • memory/2404-21-0x0000021BFBA10000-0x0000021BFBA20000-memory.dmp

    Filesize

    64KB

  • memory/2404-13-0x0000021BE19A0000-0x0000021BE19BA000-memory.dmp

    Filesize

    104KB