Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25-04-2024 08:37
Behavioral task: behavioral1
Sample: Client.exe
Resource: win7-20240221-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: Client.exe
Resource: win10v2004-20240226-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: Client.exe
Size: 8.4MB
MD5: b4f79cc7175d2a255998f884bd6a79ef
SHA1: 21e94c467fc0e584424d38fe107f7ee467ea05f7
SHA256: 5c455e1ac195be85dc6f1d528a5796e4132e9cc380d345e2d670488fb0247d86
SHA512: a74a8b9ce1453423561e06e30b18a8769f8a5bc6b87eb4a598e04946df7cfeda80a54aa01d77591aa9e1ff1504da3e1e14c223d2112753925b0cfe342345d1f9
SSDEEP: 98304:mvB2pC6XG4HNkq5UKPhc24Y1/QPldHV7gPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJf:ZcUG4raKu24YY7HV74hV0AD6QgqKRgX
Score: 7/10
Malware Config
Signatures

Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: behavioral1/memory/1676-0-0x0000000000940000-0x00000000011B0000-memory.dmp
yara_rule: agile_net

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: Client.exe
description | pid | process | target process
PID 1676 wrote to memory of 2848 | 1676 | Client.exe | WerFault.exe
PID 1676 wrote to memory of 2848 | 1676 | Client.exe | WerFault.exe
PID 1676 wrote to memory of 2848 | 1676 | Client.exe | WerFault.exe