Analysis

  • max time kernel
    152s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-04-2024 23:02

General

  • Target

    6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34.exe

  • Size

    2.6MB

  • MD5

    27e5fd6b179cc604a92ad40a401f4aec

  • SHA1

    f8a7cd307bb1acfa2ed83d2c9d511bc2891b4332

  • SHA256

    6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34

  • SHA512

    99a2c3a5696751ca1936f2333ac4eca1c3c614b8371dab9c6cf65f0c7fbdc7f2ffb19342cd2b22e99fd4e35ca6a048f4d6494ae2bcecbed639c23fc0a76d28d8

  • SSDEEP

    49152:vCwaz70YMUaqZTbeSAmshGCOljXu0rTuEysKob19dFuAw+W7SCbcZM:nq0mLZBV+GCORXxTuEF/b1/s7ue

Score
9/10

Signatures

  • Detects executables (downloaders) containing URLs to raw contents of a paste 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables manipulated with Fody 1 IoCs
  • Detects executables packed with Agile.NET / CliSecure 34 IoCs
  • Detects executables packed with VMProtect. 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 33 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4660
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4288
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    PID:4392

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c10786eb-9d72-4fbb-b0e8-a0d43e5e6ee1\AgileDotNetRT64.dll
    Filesize: 75KB
    MD5: 42b2c266e49a3acd346b91e3b0e638c0
    SHA1: 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
    SHA256: adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
    SHA512: 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

  • memory/4660-42-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-11341-0x00000207BB3D0000-0x00000207BB3EA000-memory.dmp (Filesize: 104KB)
  • memory/4660-3-0x00000207B73D0000-0x00000207B759A000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-44-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-10-0x00007FFAE1F30000-0x00007FFAE207E000-memory.dmp (Filesize: 1.3MB)
  • memory/4660-12-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-11-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-14-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-16-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-18-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-20-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-22-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-24-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-26-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-28-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-30-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-32-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-48-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-36-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-38-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-40-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-0-0x000002079C960000-0x000002079CD50000-memory.dmp (Filesize: 3.9MB)
  • memory/4660-1-0x00007FFAE3680000-0x00007FFAE4141000-memory.dmp (Filesize: 10.8MB)
  • memory/4660-2-0x00000207B73C0000-0x00000207B73D0000-memory.dmp (Filesize: 64KB)
  • memory/4660-34-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-50-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-52-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-54-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-56-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-58-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-60-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-62-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-64-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-66-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-68-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-70-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-72-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-1993-0x00007FFAE3680000-0x00007FFAE4141000-memory.dmp (Filesize: 10.8MB)
  • memory/4660-2212-0x00000207B73C0000-0x00000207B73D0000-memory.dmp (Filesize: 64KB)
  • memory/4660-11337-0x00000207B73C0000-0x00000207B73D0000-memory.dmp (Filesize: 64KB)
  • memory/4660-11338-0x00000207B73C0000-0x00000207B73D0000-memory.dmp (Filesize: 64KB)
  • memory/4660-11339-0x00000207B7260000-0x00000207B727A000-memory.dmp (Filesize: 104KB)
  • memory/4660-11340-0x00000207B7390000-0x00000207B739E000-memory.dmp (Filesize: 56KB)
  • memory/4660-46-0x00000207B73D0000-0x00000207B7596000-memory.dmp (Filesize: 1.8MB)
  • memory/4660-11342-0x00000207B7280000-0x00000207B7288000-memory.dmp (Filesize: 32KB)