Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 18:40
General
-
Target
AudioChanger.exe
-
Size
1.4MB
-
MD5
1e3af2aa523db756f13cd5274208d273
-
SHA1
924c7673a6808e51df709937f7cd5e349839df16
-
SHA256
bf2239405f9dd620fc5c74ac45eb41ec8bb5d9fb6f191bc5911e094bb4514b32
-
SHA512
7a55e3b5e818cfe9b0123eed8fb0479de809ab8384347d36e7a7b42756d2e776fff5fdfff207a7fe2bf0d047f23b041a8b4cf97604feeef80c473afc273c0666
-
SSDEEP
24576:eI0fWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAo9:GfWjgYEitVwmzwGXvlBNH89kLZnTKan
Score
10/10
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AudioChanger.exe"C:\Users\Admin\AppData\Local\Temp\AudioChanger.exe"1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2164 -s 7042⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2164-0-0x000007FEF5F13000-0x000007FEF5F14000-memory.dmpFilesize
4KB
-
memory/2164-1-0x0000000000900000-0x0000000000A60000-memory.dmpFilesize
1.4MB
-
memory/2164-2-0x000000001C610000-0x000000001C824000-memory.dmpFilesize
2.1MB
-
memory/2164-3-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmpFilesize
9.9MB
-
memory/2164-4-0x000007FEF5F13000-0x000007FEF5F14000-memory.dmpFilesize
4KB
-
memory/2164-5-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmpFilesize
9.9MB