Overview

overview

10

Static

static

10

Guna.UI2.dll

windows11-21h2-x64

1

88 AntiVirus.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    446s
  • max time network
    448s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-04-2024 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88 AntiVirus.exe

  • Size

    451KB

  • MD5

    a2e87a7c6ecd8ac0796667cc612bb61b

  • SHA1

    d581ef5bc0518832b59115cd0a47b6f669ebd51c

  • SHA256

    42134c7534f30a683ad5c1e1157367ced6360598a33e24b2343c2548b897c183

  • SHA512

    a4c2000b5dc8eca851efedafee056487ced4210b06146d73aa50892a00e4e1c1e4185cb3037b0e3036be37bf5b48f30cb9c24fdcb30abcd1aeb140c5f5211982

  • SSDEEP

    6144:hPkUwb08T2rqj7hT2rqj7hT2rqj7KMs7Xq0KELwb0:hPiSrqsrqsrqCMiXqB1

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88 AntiVirus.exe
    "C:\Users\Admin\AppData\Local\Temp\88 AntiVirus.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:4836

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\system.exe
    Filesize

    292KB

    MD5

    4d55409114bf655eda1ac1a13e83bbd5

    SHA1

    f4744eb3e8c4eef218c192f0f270a23f68e51683

    SHA256

    b6c228367130881f0d0f8a863be80cff735fe24a81d00e43c369025a865aa96c

    SHA512

    8afa542c3e3f33bb70309d0cc122e87c25d0a51eae6f2498b8e8dcf40a4db00c56b6e91652fb5b582e20421f5a9e1b3bb71795b39a5694f8aa791fa8df61756a

    Download Submit
  • memory/4836-0-0x0000000000380000-0x00000000003F6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/4836-1-0x0000000074CD0000-0x0000000075481000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4836-2-0x0000000005560000-0x0000000005B06000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4836-3-0x0000000004EB0000-0x0000000004F42000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4836-4-0x0000000005160000-0x0000000005170000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4836-5-0x0000000004EA0000-0x0000000004EAA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4836-6-0x0000000005B10000-0x0000000005D24000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/4836-7-0x0000000005160000-0x0000000005170000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4836-17-0x0000000074CD0000-0x0000000075481000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4836-18-0x0000000005160000-0x0000000005170000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4836-19-0x0000000005160000-0x0000000005170000-memory.dmp
    Filesize

    64KB

    Download