Overview

overview

7

Static

static

3

5bbbc71308...dd.exe

windows7-x64

5bbbc71308...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bbbc71308bec5f2060cc886298c14c0aef3380e2f36f7ad1c640a48b9fc8edd.exe

  • Size

    591KB

  • MD5

    a277d4581da659a1c6c6b043d58b6e58

  • SHA1

    eb9f5cfd8ae33b9ed5c8284f68cfe0fda847827f

  • SHA256

    5bbbc71308bec5f2060cc886298c14c0aef3380e2f36f7ad1c640a48b9fc8edd

  • SHA512

    744b40c35482a1bb11ac99bd3ccce5f2af17ecf7bbb01dc6473f3febf51e52cc3620915626152fc8cc5cd5d20d3b265019f4efff1b7ac8763a61ed6f5148244d

  • SSDEEP

    12288:miMQ7iIo7bn8se3d48UW/fhQT3E5zUizEXslNdkdrZvHGk:7i+N48PRQL8xgXslk3mk

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bbbc71308bec5f2060cc886298c14c0aef3380e2f36f7ad1c640a48b9fc8edd.exe
    "C:\Users\Admin\AppData\Local\Temp\5bbbc71308bec5f2060cc886298c14c0aef3380e2f36f7ad1c640a48b9fc8edd.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2F4C1828.dll
    Filesize

    575KB

    MD5

    4e3d34de082615762e35f37693f0e318

    SHA1

    01015c8850dafdfd69544473f0dfb2b59dbab8a9

    SHA256

    3fddeca5f0ec15e11d23e6847ee14ccf9c9a15c785a88cf62589f46a5b107755

    SHA512

    7bbd44b209b7a82cb2616475a978e116b8b183b6bd51c1098bb44eb734664587cdb1af4a5990762295a35940af4cd73d5b6dc76b0b40540d4027251919e96eef

    Download Submit
  • memory/1648-8-0x0000022E9BDB0000-0x0000022E9BDB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1648-13-0x0000022E9BDA0000-0x0000022E9BDA6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1648-6-0x0000022EB6230000-0x0000022EB6372000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1648-0-0x0000022E9B960000-0x0000022E9B9F8000-memory.dmp
    Filesize

    608KB

    Download
  • memory/1648-10-0x0000022E9BDB0000-0x0000022E9BDB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1648-9-0x0000022E9BDB0000-0x0000022E9BDB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1648-3-0x00007FFA968B0000-0x00007FFA97371000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1648-4-0x0000022EB60D0000-0x0000022EB60E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1648-11-0x0000022E9BDB0000-0x0000022E9BDB6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1648-14-0x0000022E9BEA0000-0x0000022E9BEBA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1648-15-0x0000022E9BF20000-0x0000022E9BF32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1648-16-0x0000022EB60D0000-0x0000022EB60E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1648-17-0x00007FFA968B0000-0x00007FFA97371000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1648-18-0x0000022EB60D0000-0x0000022EB60E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1648-19-0x0000022E9BDB0000-0x0000022E9BDB1000-memory.dmp
    Filesize

    4KB

    Download