Overview

overview

7

Static

static

3

2835573571...57.exe

windows7-x64

2835573571...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    159s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 01:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    28355735712df444fbac698b656b053424ed6454fd3a4eaa6c41be1a3aab7d57.exe

  • Size

    596KB

  • MD5

    bf7009315a8152ca8cedbc13aff063c6

  • SHA1

    b9f3e2cb5f44ee85f41b6d0c2812641adca75af8

  • SHA256

    28355735712df444fbac698b656b053424ed6454fd3a4eaa6c41be1a3aab7d57

  • SHA512

    34fcfc974a0062e9b9bf047165269fae2aad2ac093ba07d37dabbda799f9ac031af75abbb73cf11fdd9e1863229fe302f633a1474546011bd72569fa0cc122d9

  • SSDEEP

    12288:cXvtax0mS42i1S6jdFvEALUNEDdtxtW79/qGqabRlD:cXF4X1tjXECIEzxtru

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28355735712df444fbac698b656b053424ed6454fd3a4eaa6c41be1a3aab7d57.exe
    "C:\Users\Admin\AppData\Local\Temp\28355735712df444fbac698b656b053424ed6454fd3a4eaa6c41be1a3aab7d57.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    PID:4652

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4A187335.dll
          Filesize

          516KB

          MD5

          65d967a636e697248559b05b8f208c58

          SHA1

          159aab343e56a60c93f6d032d39f7b9b7b7ad397

          SHA256

          b548727a73fb60b1f484d99fd650ee5bb9e07abf90d5da1ecfb7a344f14fb094

          SHA512

          178331f9795d86bda19697fd15869b6af7bf90e961eb652c9f34b59beff4ab78bf95d44083339bf6cc4dd6cff43180d8b38b022c4340fcccac7aed4c6994876c

          Download Submit

        • memory/4652-8-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-14-0x000001B777460000-0x000001B777472000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4652-6-0x000001B777530000-0x000001B777650000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4652-0-0x000001B75CDF0000-0x000001B75CE8A000-memory.dmp

          Filesize

          616KB

          Download

        • memory/4652-9-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-10-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-4-0x000001B75D250000-0x000001B75D260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-11-0x000001B75D240000-0x000001B75D246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4652-13-0x000001B75D2A0000-0x000001B75D2BA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4652-3-0x00007FFD45810000-0x00007FFD462D1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4652-15-0x000001B777790000-0x000001B7777CC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4652-16-0x00007FFD45810000-0x00007FFD462D1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4652-17-0x000001B75D250000-0x000001B75D260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-18-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-19-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4652-20-0x000001B75D240000-0x000001B75D250000-memory.dmp

          Filesize

          64KB

          Download