Malware Analysis Report

2024-09-11 01:42

Sample ID 240328-c57v5sba64
Target 73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.zip
SHA256 4c8a5bb1d0ea9f686ed0d1e58579d6b6b12465ed291873f26687bccc3783f00d
Tags
agenda ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4c8a5bb1d0ea9f686ed0d1e58579d6b6b12465ed291873f26687bccc3783f00d

Threat Level: Known bad

The file 73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.zip was found to be: Known bad.

Malicious Activity Summary

agenda ransomware

Agenda Ransomware

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-28 02:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-28 02:40

Reported

2024-03-28 02:45

Platform

win7-20240221-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe"

Signatures

Agenda Ransomware

ransomware agenda

Processes

C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe

"C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe"

Network

N/A

Files

memory/2016-0-0x0000000010000000-0x00000000103B2000-memory.dmp

memory/2016-10-0x0000000000C20000-0x0000000001024000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-28 02:40

Reported

2024-03-28 02:45

Platform

win10v2004-20231215-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe"

Signatures

Agenda Ransomware

ransomware agenda

Processes

C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe

"C:\Users\Admin\AppData\Local\Temp\73b1fffd35d3a72775e0ac4c836e70efefa0930551a2f813843bdfb32df4579a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

memory/4004-0-0x0000000010000000-0x00000000103B2000-memory.dmp

memory/4004-10-0x0000000000A60000-0x0000000000E64000-memory.dmp