Overview

overview

10

Static

static

3

AudioChanger.exe

windows7-x64

10

AudioChanger.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AudioChanger.exe

  • Size

    1.3MB

  • MD5

    43b0b033d7458249dd76642d996230ba

  • SHA1

    9760d72a56d7e70ea4b1e704073bdc528926ed34

  • SHA256

    bc51460c53989fff76b30039fffe6dfba7b68b44d7a40a0c6e94590141f8814b

  • SHA512

    c56fb332dcc96e5fa6aff706c9081981226b7f82d2e18473a72382e69eadc379ea58e0d6081f091ecdee9d4dee2c75ca60b435964e7bdb43fbdcd881f81ee475

  • SSDEEP

    24576:WEtfWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAe/ALjX:9fWjgYEitVwmzwGXvlBNH89kLZnTKan

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AudioChanger.exe
    "C:\Users\Admin\AppData\Local\Temp\AudioChanger.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 328 -s 692
      2⤵
        PID:492

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/328-0-0x000007FEF5C13000-0x000007FEF5C14000-memory.dmp

      Filesize

      4KB

      Download

    • memory/328-1-0x0000000000C20000-0x0000000000D78000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/328-2-0x000000001C590000-0x000000001C7A4000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/328-3-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/328-4-0x000007FEF5C13000-0x000007FEF5C14000-memory.dmp

      Filesize

      4KB

      Download

    • memory/328-5-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

      Filesize

      9.9MB

      Download