Overview

overview

10

Static

static

3

Zapytanie ...N).exe

windows7-x64

10

Zapytanie ...N).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    85s
  • max time network
    87s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/04/2024, 19:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Zapytanie ofertowe (7427-23 ROCKFIN).exe

  • Size

    861KB

  • MD5

    c224cae5fc90191fbedcc9bbdc54f8c1

  • SHA1

    55704be9332dcb79a7a9e1042a02255edb1005e2

  • SHA256

    c14fe4f707ed7f422178693a9f71fa8bbf9b2de67b3fd6ead158f63f9e0e0ea2

  • SHA512

    0763faef78069c7fb8533c0bf5c4c1cccab66957c1fbdd0b0055e483730e4db8a8f8de3244b7918dc8cac446bb3243df0694b7863c09c70c1c45ee9617dac3e2

  • SSDEEP

    12288:+Xc87X+bXPXST4Fof1XUhgPj7RxUV47Ca3xsOEx2ka8BQvewEaD27:+XcH/X4ycDUV479my8BsMaD27

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Zapytanie ofertowe (7427-23 ROCKFIN).exe
    "C:\Users\Admin\AppData\Local\Temp\Zapytanie ofertowe (7427-23 ROCKFIN).exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4364
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:4924
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4684

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4364-10-0x0000000004AE0000-0x0000000004AF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4364-0-0x00000000000B0000-0x000000000018E000-memory.dmp

            Filesize

            888KB

            Download

          • memory/4364-2-0x0000000005170000-0x0000000005714000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4364-3-0x0000000004B00000-0x0000000004B92000-memory.dmp

            Filesize

            584KB

            Download

          • memory/4364-4-0x0000000004C60000-0x0000000004CFC000-memory.dmp

            Filesize

            624KB

            Download

          • memory/4364-5-0x0000000004AE0000-0x0000000004AF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4364-6-0x0000000005EE0000-0x0000000005F24000-memory.dmp

            Filesize

            272KB

            Download

          • memory/4364-7-0x0000000005F60000-0x0000000005F6A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/4364-9-0x0000000074A20000-0x00000000751D0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4364-8-0x0000000004AE0000-0x0000000004AF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4364-12-0x0000000006EA0000-0x0000000006EBA000-memory.dmp

            Filesize

            104KB

            Download

          • memory/4364-11-0x0000000004AE0000-0x0000000004AF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4364-1-0x0000000074A20000-0x00000000751D0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4364-13-0x0000000006ED0000-0x0000000006ED6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/4364-17-0x0000000074A20000-0x00000000751D0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4684-14-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/4684-16-0x0000000074A20000-0x00000000751D0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4684-19-0x0000000005080000-0x0000000005090000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4684-18-0x0000000004FA0000-0x0000000005006000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4684-20-0x0000000005E40000-0x0000000005E90000-memory.dmp

            Filesize

            320KB

            Download