Analysis
- max time kernel: 148s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-03-2024 01:20
Static task: static1
Behavioral task: behavioral1
- Sample: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
- Resource: win10v2004-20240226-en
General
- Target: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
- Size: 593KB
- MD5: a87ee49ce1a1e3e91ce2a64ce7afe4f6
- SHA1: 7353f88065dcea94df6d3e1342240a492c2cba7e
- SHA256: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5
- SHA512: 1d288436e62d27e806daa004c6f8a6cfc961e6cd65a22a20b6e59c0b63db40330a988262f41cafb0cad5999149929c5cd3b238f9e038dd9b837b98261779f5e0
- SSDEEP: 12288:S0KXtBO2yxr6o049ArrqJtctQg5cNf5zOHWdwLKJUYrnXQTsnAh:W9IWrrqJOtx5Q5vdwUUY7ATlh
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (2 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Resources matched (resource | yara_rule):
  behavioral2/memory/3144-6-0x0000020D73200000-0x0000020D73340000-memory.dmp | agile_net
  behavioral2/files/0x00050000000224ff-11.dat | agile_net
- Suspicious use of NtSetInformationThreadHideFromDebugger (64 IoCs)
  Processes (pid | Process):
  3144 | 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe (64 identical events, all from this process)
- Suspicious behavior: EnumeratesProcesses (28 IoCs)
  Processes (pid | Process):
  3144 | 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe (28 identical events, all from this process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description | pid | Process):
  Token: SeDebugPrivilege | 3144 | 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
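The NtSetInformationThreadHideFromDebugger signature above fires when a thread calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11); once set, the kernel stops delivering that thread's debug events, so a debugger attached later sees nothing from it. The flag can be read back from another process with NtQueryInformationThread, which is how a responder can confirm the sandbox finding on a live host. The script below is an added example written for this page, not output of the sandbox or code from the sample: it P/Invokes OpenThread and NtQueryInformationThread and reports the flag for every thread of a PID. It must run elevated on Windows, and PID 3144 is the sandbox PID from this report; on any other host the PID is an assumption you replace.

```powershell
# Added example (not part of the sandbox report): read the ThreadHideFromDebugger
# flag of every thread in a suspect process. A thread that called
# NtSetInformationThread(ThreadHideFromDebugger) answers with a non-zero BOOLEAN.
Add-Type -Namespace Hunt -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
    out byte ThreadInformation, int ThreadInformationLength, IntPtr ReturnLength);
'@

function Get-HiddenThread {
    param([Parameter(Mandatory)][int]$ProcessId)

    $THREAD_QUERY_INFORMATION = 0x0040   # access right needed for the query
    $ThreadHideFromDebugger   = 0x11     # THREADINFOCLASS value (17)

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    foreach ($t in $proc.Threads) {
        $h = [Hunt.Native]::OpenThread($THREAD_QUERY_INFORMATION, $false, [uint32]$t.Id)
        if ($h -eq [IntPtr]::Zero) {
            # Protected or exited thread: record it rather than silently skipping.
            [pscustomobject]@{ Pid = $ProcessId; Tid = $t.Id; Status = 'OpenThread failed'; HiddenFromDebugger = $null }
            continue
        }
        try {
            # The kernel expects exactly sizeof(BOOLEAN) == 1 byte for this class;
            # any other length returns STATUS_INFO_LENGTH_MISMATCH.
            [byte]$hidden = 0
            $status = [Hunt.Native]::NtQueryInformationThread($h, $ThreadHideFromDebugger, [ref]$hidden, 1, [IntPtr]::Zero)
            [pscustomobject]@{
                Pid                = $ProcessId
                Tid                = $t.Id
                Status             = ('0x{0:X8}' -f $status)       # 0x00000000 == STATUS_SUCCESS
                HiddenFromDebugger = ($status -eq 0 -and $hidden -ne 0)
            }
        } finally {
            [void][Hunt.Native]::CloseHandle($h)
        }
    }
}

# PID 3144 is the sandbox PID from this report; substitute the PID seen on your host.
Get-HiddenThread -ProcessId 3144 | Format-Table -AutoSize
```

Any row with HiddenFromDebugger set to True is a thread you will not be able to trace from a user-mode debugger attached afterwards; the usual workaround is to attach before the call is made (or let a debugger plugin patch NtSetInformationThread), which is also why the sandbox records the call rather than relying on a debugger seeing its effect.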
Processes
- C:\Users\Admin\AppData\Local\Temp\466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe"
  PID: 3144
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 568KB
  MD5: 523369adf6445701a77c69879a873ba9
  SHA1: 176d2d54f6daeb1058076218d21d61f49970d68f
  SHA256: 2bb539ffbb858c43e31c502d523f61f21c323daff2cee5f2a413311a1eae8100
  SHA512: 8c4b1b27dc906e33540005592a1b853c4ab8f7c1f7cf7dc58ad5ee51aee3031b8b07baca3e964ea439af46b01b37d190e344d5a526f8323e66d3f4e15176f8ca
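The report gives two distinct file hashes: the submitted 593KB sample and a 568KB file listed under Downloads, and the process tree shows the sample running out of the user's Local\Temp directory. The script below is an added hunting example written for this page, not sandbox output: it carries both SHA256 values from the report, hashes files under a few likely drop locations with Get-FileHash, and also hashes the image of every running process so a live copy is caught whatever PID it has on the host. The search roots and the size cap are assumptions; the hashes are copied verbatim from the report.

```powershell
# Added example (not part of the sandbox report): hunt a Windows host for the two
# files in this report by SHA256, on disk and as running processes.
$KnownSha256 = @{
    '466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5' = 'submitted sample (593KB)'
    '2bb539ffbb858c43e31c502d523f61f21c323daff2cee5f2a413311a1eae8100' = 'downloaded file (568KB)'
}

function Find-KnownFile {
    param(
        # Assumed roots: the sandbox ran the sample from the user's Local\Temp.
        [string[]]$Roots = @("$env:LOCALAPPDATA\Temp", "$env:USERPROFILE\Downloads", "$env:TEMP"),
        [hashtable]$Known = $KnownSha256,
        [long]$MaxBytes = 5MB     # both IoCs are under 1MB; skip large files to keep the scan fast
    )
    foreach ($root in ($Roots | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -le $MaxBytes } |
            ForEach-Object {
                $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                if ($h) {
                    $key = $h.ToLowerInvariant()
                    if ($Known.ContainsKey($key)) {
                        [pscustomobject]@{ Path = $_.FullName; Size = $_.Length; SHA256 = $key; Label = $Known[$key] }
                    }
                }
            }
    }
}

function Find-KnownProcess {
    param([hashtable]$Known = $KnownSha256)
    Get-Process | ForEach-Object {
        # .Path throws for processes we cannot open (protected/elevated); treat those as unknown.
        $path = try { $_.Path } catch { $null }
        if (-not $path) { return }
        $h = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($h) {
            $key = $h.ToLowerInvariant()
            if ($Known.ContainsKey($key)) {
                [pscustomobject]@{ Pid = $_.Id; Name = $_.ProcessName; Path = $path; Label = $Known[$key] }
            }
        }
    }
}

Find-KnownFile    | Format-Table -AutoSize
Find-KnownProcess | Format-Table -AutoSize
```

Hashing the running image matters here because the sandbox PID (3144) is meaningless on another host, and because a process that has hidden its threads from debuggers can still be identified by the file it was started from. If a match turns up, collect the file before killing the process so the 568KB download can be tied to the sample that fetched it.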