Malware Analysis Report

2024-11-30 19:21

Sample ID 240306-bjv4safh92
Target 2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca
SHA256 2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca
Tags
agenttesla agilenet keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca

Threat Level: Known bad

The file 2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates system info in registry

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 01:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 01:10

Reported

2024-03-06 01:13

Platform

win7-20240220-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [hex blob omitted] C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [hex blob omitted] C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe

"C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyauth.win udp
US 104.26.0.5:443 keyauth.win tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp

Files

memory/2792-0-0x0000000000E40000-0x0000000001158000-memory.dmp

memory/2792-1-0x00000000744C0000-0x0000000074BAE000-memory.dmp

memory/2792-2-0x0000000000B30000-0x0000000000B70000-memory.dmp

\Users\Admin\AppData\Local\Temp\453A6857.dll

MD5 67844fa1c427751b94f8206890a82d69
SHA1 bd76085724607c7f8b689fcc0b6d13e7a2c47d2a
SHA256 7d6669c44ae3625015d94f7ab516c3a203fc341a4bc6dfe06e1d3677547823bb
SHA512 e2b8a4ae2ec8871813e46d77c6821e2e8f63b560c0e443f5363d97241d568fa6321275a0acf800ffce4f8d7ae45b23b5283c9339273ad9a7423d2a02f17c9235

memory/2792-8-0x00000000050B0000-0x000000000522E000-memory.dmp

memory/2792-12-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-11-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-10-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-13-0x0000000000530000-0x0000000000536000-memory.dmp

memory/2792-15-0x0000000008A30000-0x0000000008C94000-memory.dmp

memory/2792-16-0x0000000000600000-0x000000000061A000-memory.dmp

memory/2792-17-0x0000000009240000-0x000000000938E000-memory.dmp

memory/2792-18-0x00000000009E0000-0x00000000009F4000-memory.dmp

memory/2792-19-0x000000000A1B0000-0x000000000A3C4000-memory.dmp

memory/2792-20-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-21-0x0000000000B30000-0x0000000000B70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab345B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar3961.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c80436769d0cc5abdcb887656be2b98
SHA1 74a8bc6c201e1e85935ab6312a03169af5a8acf4
SHA256 b677f4f62e62398794a6541692563132b745309c62791a448a8c665489fd52a6
SHA512 9d04c73c311d20e54e7ddac89590032032d994545014ac8c552a3d11cc9be5821332b773f348f6b34354438c211410a3a275993411f1bd4debd4746261e91a61

memory/2792-89-0x00000000744C0000-0x0000000074BAE000-memory.dmp

memory/2792-90-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-91-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-92-0x0000000000B30000-0x0000000000B70000-memory.dmp

memory/2792-93-0x0000000000B30000-0x0000000000B70000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-06 01:10

Reported

2024-03-06 01:13

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe

"C:\Users\Admin\AppData\Local\Temp\2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 5.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp

Files

memory/5044-0-0x0000000074400000-0x0000000074BB0000-memory.dmp

memory/5044-1-0x0000000000EC0000-0x00000000011D8000-memory.dmp

memory/5044-2-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\453A6857.dll

MD5 0cf7968dbd9e8093c19e3e876f1b2c9e
SHA1 145f4ce6281f1d645a0340964505bda13285a6b3
SHA256 f9aafea52a7e5556ec211a604114778dfa868e4df98a19455581732e1b5d27c2
SHA512 ceaa053a41e09033732f4d889c6fc41fe14ce303d638517f400aff6fbc8099b0db5b89c6da4b6fd89a59da04121baa7a78f25da495e9e697836b37b773e80c6c

C:\Users\Admin\AppData\Local\Temp\453A6857.dll

MD5 67844fa1c427751b94f8206890a82d69
SHA1 bd76085724607c7f8b689fcc0b6d13e7a2c47d2a
SHA256 7d6669c44ae3625015d94f7ab516c3a203fc341a4bc6dfe06e1d3677547823bb
SHA512 e2b8a4ae2ec8871813e46d77c6821e2e8f63b560c0e443f5363d97241d568fa6321275a0acf800ffce4f8d7ae45b23b5283c9339273ad9a7423d2a02f17c9235

memory/5044-8-0x0000000005DA0000-0x0000000005F1E000-memory.dmp

memory/5044-10-0x0000000005620000-0x0000000005621000-memory.dmp

memory/5044-11-0x0000000005620000-0x0000000005621000-memory.dmp

memory/5044-12-0x0000000005620000-0x0000000005626000-memory.dmp

memory/5044-14-0x0000000007300000-0x0000000007564000-memory.dmp

memory/5044-15-0x00000000062B0000-0x00000000062CA000-memory.dmp

memory/5044-16-0x00000000083E0000-0x0000000008984000-memory.dmp

memory/5044-17-0x0000000007AA0000-0x0000000007B32000-memory.dmp

memory/5044-18-0x0000000007A30000-0x0000000007A3A000-memory.dmp

memory/5044-19-0x0000000007D30000-0x0000000007D42000-memory.dmp

memory/5044-20-0x0000000007D50000-0x0000000007E9E000-memory.dmp

memory/5044-21-0x0000000007EA0000-0x0000000007EB4000-memory.dmp

memory/5044-22-0x0000000009700000-0x0000000009914000-memory.dmp

memory/5044-23-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-26-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-25-0x0000000006DA0000-0x0000000006DDC000-memory.dmp

memory/5044-27-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-28-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-29-0x0000000074400000-0x0000000074BB0000-memory.dmp

memory/5044-30-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-31-0x0000000005620000-0x0000000005621000-memory.dmp

memory/5044-32-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-33-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-34-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-35-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-36-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-37-0x0000000005BB0000-0x0000000005BC0000-memory.dmp

memory/5044-38-0x0000000005BB0000-0x0000000005BC0000-memory.dmp