Overview

overview

10

Static

static

5

PO 12.04 pdf.exe

windows7-x64

10

PO 12.04 pdf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    316s
  • max time network
    316s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12-04-2024 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO 12.04 pdf.exe

  • Size

    1.1MB

  • MD5

    d90a72256615ac3ba74c924012fea42c

  • SHA1

    b9590a8777fac1b545be42ab89ca14f5facd163b

  • SHA256

    887199f41d24aa708148968e98abb902ba2d4e3d346420bdc602b77cdcbc2c2f

  • SHA512

    17b122e88d398660aec334dae1589ae79259c6bd4ab3616e3486624f2117422e290d1c2c63a3ee346c4b51693130e03eae79af2ad0b66b0629153288154b6418

  • SSDEEP

    24576:7AHnh+eWsN3skA4RV1Hom2KXMmHavPFb1MCgQ1WKK/utU5:Wh+ZkldoPK8YavPLMSY

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Detect ZGRat V1 33 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO 12.04 pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\PO 12.04 pdf.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\PO 12.04 pdf.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\soliloquised
    Filesize

    261KB

    MD5

    4b25952eeb9e4cc3a0c4488258f0d4e7

    SHA1

    14dd1fbefd98be6df8b4bf9f902a809d886c53a7

    SHA256

    34c219a98744e882eb09c42bc52f2ceba1fcd08c1a7bd18735c51ffc459d42e6

    SHA512

    073075d778f33d4710dea4267be1712bd8186ace522f683d53195c934a44535dfcdd9c939a978cbb937d6330c113199db5bd54149fe8e1e4ec60c0ac2b2a5ca1

    Download Submit
  • memory/1704-11-0x0000000000160000-0x0000000000164000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2564-12-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2564-14-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2564-15-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2564-17-0x0000000074010000-0x00000000746FE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2564-16-0x0000000000C10000-0x0000000000C64000-memory.dmp
    Filesize

    336KB

    Download
  • memory/2564-18-0x0000000004B00000-0x0000000004B40000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2564-19-0x0000000004B00000-0x0000000004B40000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2564-20-0x00000000021A0000-0x00000000021F2000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2564-21-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-22-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-24-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-26-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-28-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-30-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-32-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-34-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-36-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-38-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-40-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-42-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-44-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-46-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-48-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-50-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-52-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-54-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-56-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-58-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-60-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-62-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-64-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-66-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-68-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-70-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-72-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-74-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-76-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-78-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-80-0x00000000021A0000-0x00000000021ED000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2564-1051-0x0000000004B00000-0x0000000004B40000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2564-1052-0x0000000074010000-0x00000000746FE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2564-1053-0x0000000004B00000-0x0000000004B40000-memory.dmp
    Filesize

    256KB

    Download