Analysis

  • max time kernel: 148s
  • max time network: 156s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02-03-2024 01:20

General

  • Target: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
  • Size: 593KB
  • MD5: a87ee49ce1a1e3e91ce2a64ce7afe4f6
  • SHA1: 7353f88065dcea94df6d3e1342240a492c2cba7e
  • SHA256: 466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5
  • SHA512: 1d288436e62d27e806daa004c6f8a6cfc961e6cd65a22a20b6e59c0b63db40330a988262f41cafb0cad5999149929c5cd3b238f9e038dd9b837b98261779f5e0
  • SSDEEP: 12288:S0KXtBO2yxr6o049ArrqJtctQg5cNf5zOHWdwLKJUYrnXQTsnAh:W9IWrrqJOtx5Q5vdwUUY7ATlh

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe
    "C:\Users\Admin\AppData\Local\Temp\466aac6ffc5f07a1545bd69d45d30ca781570aba4a0ef45b592bb5aee92f91c5.exe"
    PID:3144
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41036B4F.dll
    Filesize: 568KB
    MD5: 523369adf6445701a77c69879a873ba9
    SHA1: 176d2d54f6daeb1058076218d21d61f49970d68f
    SHA256: 2bb539ffbb858c43e31c502d523f61f21c323daff2cee5f2a413311a1eae8100
    SHA512: 8c4b1b27dc906e33540005592a1b853c4ab8f7c1f7cf7dc58ad5ee51aee3031b8b07baca3e964ea439af46b01b37d190e344d5a526f8323e66d3f4e15176f8ca

  • memory/3144-18-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-30-0x0000020D737C0000-0x0000020D738C0000-memory.dmp (Filesize: 1024KB)
  • memory/3144-6-0x0000020D73200000-0x0000020D73340000-memory.dmp (Filesize: 1.2MB)
  • memory/3144-8-0x0000020D726B0000-0x0000020D726B1000-memory.dmp (Filesize: 4KB)
  • memory/3144-9-0x0000020D726B0000-0x0000020D726B1000-memory.dmp (Filesize: 4KB)
  • memory/3144-10-0x0000020D726B0000-0x0000020D726B6000-memory.dmp (Filesize: 24KB)
  • memory/3144-3-0x00007FFA38810000-0x00007FFA392D1000-memory.dmp (Filesize: 10.8MB)
  • memory/3144-12-0x0000020D726A0000-0x0000020D726A6000-memory.dmp (Filesize: 24KB)
  • memory/3144-13-0x0000020D727B0000-0x0000020D727CA000-memory.dmp (Filesize: 104KB)
  • memory/3144-14-0x0000020D73150000-0x0000020D73162000-memory.dmp (Filesize: 72KB)
  • memory/3144-15-0x0000020D731B0000-0x0000020D731EC000-memory.dmp (Filesize: 240KB)
  • memory/3144-17-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-32-0x00007FFA38810000-0x00007FFA392D1000-memory.dmp (Filesize: 10.8MB)
  • memory/3144-4-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-23-0x0000020D737C0000-0x0000020D738C0000-memory.dmp (Filesize: 1024KB)
  • memory/3144-20-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-21-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-22-0x0000020D726B0000-0x0000020D726B1000-memory.dmp (Filesize: 4KB)
  • memory/3144-19-0x00007FFA38810000-0x00007FFA392D1000-memory.dmp (Filesize: 10.8MB)
  • memory/3144-24-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-25-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-26-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-27-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)
  • memory/3144-28-0x0000020D737C0000-0x0000020D738C0000-memory.dmp (Filesize: 1024KB)
  • memory/3144-29-0x0000020D737C0000-0x0000020D738C0000-memory.dmp (Filesize: 1024KB)
  • memory/3144-0-0x0000020D70AA0000-0x0000020D70B38000-memory.dmp (Filesize: 608KB)
  • memory/3144-31-0x0000020D737C0000-0x0000020D738C0000-memory.dmp (Filesize: 1024KB)
  • memory/3144-16-0x0000020D726F0000-0x0000020D72700000-memory.dmp (Filesize: 64KB)