Analysis
max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-03-2024 02:40
Behavioral task: behavioral1
Sample: b10436ebe8849d347c9e82c25b118bc6.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b10436ebe8849d347c9e82c25b118bc6.exe
Resource: win10v2004-20240226-en
General
Target: b10436ebe8849d347c9e82c25b118bc6.exe
Size: 228KB
MD5: b10436ebe8849d347c9e82c25b118bc6
SHA1: 2a95655895679de2f45600d2dde6ec78c112eaa0
SHA256: 7c78f6c7c4f21544b4958eb35cbd32b82b524d931af2caba7632fa8c6dd07209
SHA512: 12226f20d532df3ef08e26c1fa9d847137017783bae1e0f15673aa5878333263eef3e132357fe6baabe0826598a9fd43e79f60445e1593154e7d423263253223
SSDEEP: 6144:VUVevCzfet3Agp0q9ygbX+1RzDU884gN:CevCzsaMJcR/V84+
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes:
  pid | Process
  3812 | b10436ebe8849d347c9e82c25b118bc6.exe
- Obfuscated with Agile.Net obfuscator (1 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Processes:
  resource | yara_rule
  behavioral2/memory/3812-0-0x0000000000DF0000-0x0000000000E2E000-memory.dmp | agile_net
- Program crash (1 IoCs)
  Processes:
  pid | pid_target | Process | procid_target
  2368 | 3812 | WerFault.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\b10436ebe8849d347c9e82c25b118bc6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b10436ebe8849d347c9e82c25b118bc6.exe"
  PID: 3812
  - Loads dropped DLL
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 3812)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 1076
    PID: 2368
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3812 -ip 3812
  PID: 4048
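Both WerFault.exe entries in the tree above carry -p 3812, i.e. they point back at the sample's PID, which is how the Program crash signature is attributed to the sample rather than to WerFault itself. The Python below is an added example, not part of the sandbox report: it takes the three command lines from the page as a constructed log and correlates each WerFault invocation with the process it reports on, so an analyst reviewing a larger tree can see which image actually crashed. It assumes that the -p and -ip arguments carry the faulting PID, consistent with the pid_target column in the signature table above, and treats -pss as an unrelated flag.

```python
import re
from collections import defaultdict

# Constructed sample log: the three processes from the report as
# (pid, command line) pairs. The values are copied from the page; the
# list form itself is ours, not sandbox output.
PROCESS_LOG = [
    (3812, r'"C:\Users\Admin\AppData\Local\Temp\b10436ebe8849d347c9e82c25b118bc6.exe"'),
    (2368, r'C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 1076'),
    (4048, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3812 -ip 3812'),
]

# Matches WerFault.exe as the image, whatever directory it was launched from.
WERFAULT_RE = re.compile(r'(?:^|\\)werfault\.exe\b', re.IGNORECASE)

# Assumption: "-p <pid>" and "-ip <pid>" name the faulting process, which is
# what the report's pid_target column reflects. "-pss" is a different flag
# and must not match, hence the required whitespace after the flag name.
PID_FLAG_RE = re.compile(r'(?:^|\s)-(?:p|ip)\s+(\d+)')


def parse_werfault_targets(cmdline):
    """Return the set of PIDs a WerFault command line refers to via -p/-ip."""
    return {int(pid) for pid in PID_FLAG_RE.findall(cmdline)}


def correlate_crashes(process_log):
    """Map faulting PID -> sorted list of WerFault PIDs that reported it."""
    crashes = defaultdict(list)
    for pid, cmd in process_log:
        if not WERFAULT_RE.search(cmd):
            continue  # not a WER reporter, nothing to correlate
        for target in parse_werfault_targets(cmd):
            crashes[target].append(pid)
    return {target: sorted(reporters) for target, reporters in crashes.items()}


def crash_summary(process_log):
    """Return (target_pid, target_cmdline, werfault_pids) tuples, one per
    faulting process. A target PID that never appears in the log (e.g. a
    process that exited before the tree was captured) keeps cmdline None."""
    cmd_by_pid = dict(process_log)
    return [
        (target, cmd_by_pid.get(target), reporters)
        for target, reporters in sorted(correlate_crashes(process_log).items())
    ]


if __name__ == "__main__":
    for target, cmd, reporters in crash_summary(PROCESS_LOG):
        print(f"PID {target} crashed ({cmd}); reported by WerFault PIDs {reporters}")
```

On this log the only faulting process is 3812, the sample itself, reported by WerFault PIDs 2368 and 4048; a WerFault line whose -p value is not the sample would point at a crash elsewhere and should not be counted against the submission.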
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 140KB
  MD5: edd74be9723cdc6a5692954f0e51c9f3
  SHA1: e9fb66ceee1ba4ce7e5b8271b3e1ed7cb9acf686
  SHA256: 55ff1e0a4e5866d565ceeb9baafac73fdcb4464160fc6c78104d935009935cd7
  SHA512: 80abecdd07f364283f216d8f4d90a4da3efd4561900631fce05c2916afeb1b5bbce23ae92d57430b7b2b06c172b2ad701b2ab75b6dfd2a861abcf7edc38462f3