Overview

overview

10

Static

static

3

PlaylistChanger.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    25s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-03-2024 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PlaylistChanger.exe

  • Size

    2.2MB

  • MD5

    992840853cda1374d064bf749b3d14d4

  • SHA1

    4ac48ce81052953e031dabac26fc3d94712e9ec5

  • SHA256

    a49a701a0f12804d8e499100781f794e584a9ae951ec9fd3e5f43d408295bc27

  • SHA512

    5454d83952c275e4774fdd4dc696959fe2a4bd31a952ad166ef0a49943ac0b655c0fda4fdb76f2a7066f09089d4869f1bcd46b9357c72d9f071208fb7f3bd5d0

  • SSDEEP

    49152:Uq/dlO71aMnA0Gtx1AE0RLSnfssgITYbNbNWo4kSH3OqtwIbZ:U+dccuA3xmSfs/IT4bNJFY3OqtX

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PlaylistChanger.exe
    "C:\Users\Admin\AppData\Local\Temp\PlaylistChanger.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/236-0-0x0000000074670000-0x0000000074E21000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/236-1-0x0000000000F50000-0x000000000118E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/236-2-0x0000000006540000-0x0000000006AE6000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/236-3-0x0000000005C50000-0x0000000005CE2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/236-4-0x0000000005F80000-0x0000000005F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/236-5-0x0000000005C30000-0x0000000005C3A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/236-6-0x0000000006090000-0x00000000062A4000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/236-7-0x0000000007550000-0x00000000075FE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/236-8-0x0000000009850000-0x00000000098EA000-memory.dmp

    Filesize

    616KB

    Download

  • memory/236-9-0x000000000B8D0000-0x000000000B8DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/236-10-0x0000000005F80000-0x0000000005F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/236-11-0x0000000074670000-0x0000000074E21000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/236-12-0x0000000005F80000-0x0000000005F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/236-13-0x0000000005F80000-0x0000000005F90000-memory.dmp

    Filesize

    64KB

    Download