Overview

overview

10

Static

static

3

profoma invoice.exe

windows7-x64

10

profoma invoice.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    profoma invoice.exe

  • Size

    713KB

  • MD5

    205115d53c09553975ebe093dac461b2

  • SHA1

    e62dcafe6d96b592151c93b75544b3c211b238a6

  • SHA256

    cbf14746622e54452570f3b6b620d0831c788c28c8bbb0a1f6cb17746e4973ef

  • SHA512

    30ebce57a1ac51a4506e6fd2cba0e907738700d3670b07a9bc0510908b5aabdb0eb0fc08b1f0713f7dd0912d9284da94ec2979b4e22481eb720cb67a67f0f0e0

  • SSDEEP

    12288:mTReLAfP7wDj3ZiCx2D3Flbl0VzyLqSjaKIYiYP7x31gCrRowa3LlGqbjGU9+yF:4537wDjUxlZ05yLDaKIfYP7RaCNuBGqN

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\profoma invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\profoma invoice.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\Users\Admin\AppData\Local\Temp\profoma invoice.exe
      "C:\Users\Admin\AppData\Local\Temp\profoma invoice.exe"
      2⤵
        PID:2704

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/332-8-0x0000000007100000-0x0000000007110000-memory.dmp

      Filesize

      64KB

      Download

    • memory/332-4-0x0000000074F00000-0x00000000756B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/332-0-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/332-3-0x00000000056D0000-0x0000000005762000-memory.dmp

      Filesize

      584KB

      Download

    • memory/332-9-0x0000000007210000-0x0000000007226000-memory.dmp

      Filesize

      88KB

      Download

    • memory/332-5-0x0000000005690000-0x000000000569A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/332-6-0x00000000059A0000-0x0000000005A3C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/332-10-0x0000000007580000-0x0000000007604000-memory.dmp

      Filesize

      528KB

      Download

    • memory/332-2-0x0000000005C80000-0x0000000006224000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/332-1-0x0000000000BD0000-0x0000000000C88000-memory.dmp

      Filesize

      736KB

      Download

    • memory/332-7-0x00000000070C0000-0x00000000070DE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/332-15-0x0000000074F00000-0x00000000756B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/332-13-0x0000000074F0E000-0x0000000074F0F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2704-14-0x0000000074F00000-0x00000000756B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2704-11-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/2704-17-0x00000000057A0000-0x0000000005806000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2704-16-0x0000000074F00000-0x00000000756B0000-memory.dmp

      Filesize

      7.7MB

      Download