Overview

overview

10

Static

static

7

1b3a73040e...d3.exe

windows7-x64

10

1b3a73040e...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2024 01:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b3a73040e35a4aad3694d3d036446d3.exe

  • Size

    2.8MB

  • MD5

    1b3a73040e35a4aad3694d3d036446d3

  • SHA1

    9f64debc8f7fe6ffd922073da0f4ed54139ad9c8

  • SHA256

    27641498d9b498595cd6a181370f81b1e3b64d7155ff95f012babf362b60b4e2

  • SHA512

    f9e3276149ec2e2084b69464002c3c58d519bd32ac3f012f92cdb310af24a597e69e079d1ccc573437f52ef0ab35b07884316b91f7013060e5695964f14a1fd3

  • SSDEEP

    49152:ZIMqVJqJIXxNjdCHoE0exs/fV4BgZ/A/M0rIV2yyX/Nn:Z3PIGoy/BgZ/OR80ySn

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b3a73040e35a4aad3694d3d036446d3.exe
    "C:\Users\Admin\AppData\Local\Temp\1b3a73040e35a4aad3694d3d036446d3.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:3924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3924-0-0x000001AE4D550000-0x000001AE4D82C000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/3924-1-0x00007FFF18BF0000-0x00007FFF196B1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3924-2-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3924-3-0x000001AE67E30000-0x000001AE6808A000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/3924-4-0x000001AE4F400000-0x000001AE4F412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3924-5-0x000001AE67C30000-0x000001AE67C4A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/3924-6-0x000001AE67C50000-0x000001AE67C62000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3924-7-0x000001AE68B20000-0x000001AE68D34000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/3924-8-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3924-9-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3924-11-0x000001AE69930000-0x000001AE6996C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3924-13-0x00007FFF18BF0000-0x00007FFF196B1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3924-14-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3924-15-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3924-16-0x000001AE67D20000-0x000001AE67D30000-memory.dmp
    Filesize

    64KB

    Download