Malware Analysis Report

2024-11-30 19:08

Sample ID 240310-qhv5qadd27
Target beb3424ba1c028244736bd765c38658a
SHA256 82b90d0ad421f0803cc8b9ec5c44df90881076e7b492ffa7d53751ede5082463
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

82b90d0ad421f0803cc8b9ec5c44df90881076e7b492ffa7d53751ede5082463

Threat Level: Shows suspicious behavior

The file beb3424ba1c028244736bd765c38658a was classified as: Shows suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-10 13:16

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-10 13:16

Reported

2024-03-10 13:19

Platform

win7-20240221-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe

"C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp

Files

\Users\Admin\AppData\Local\Temp\a79fb50a-6ff8-4250-a55d-75f9f84269a8\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81


Analysis: behavioral2

Detonation Overview

Submitted

2024-03-10 13:16

Reported

2024-03-10 13:19

Platform

win10v2004-20240226-en

Max time kernel

120s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe

"C:\Users\Admin\AppData\Local\Temp\beb3424ba1c028244736bd765c38658a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 233.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\a79fb50a-6ff8-4250-a55d-75f9f84269a8\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81
