Overview

overview

7

Static

static

7

nc.zip

windows7-x64

1

nc.zip

windows10-1703-x64

7

nc.zip

windows10-2004-x64

7

nc.zip

windows11-21h2-x64

1

Analysis

  • max time kernel
    95s
  • max time network
    101s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-05-2024 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nc.zip

  • Size

    1.5MB

  • MD5

    620c6a822097c6f0e86fc8f590593e6a

  • SHA1

    5ae5ab9dc37c74b27a6757dc0b5dd101e50c658b

  • SHA256

    dc922017322363b7679cdb2b7bf9175beb70f8723e32f4f29aff100cb4dbcacf

  • SHA512

    68a61a72c6a0fb86af52648a068645e0f5add0d99ed35a0de7ed278c9c16caf9b563358158528086bfc41c0ec046938c21f32e76a8f533e2261b9e9927ab3640

  • SSDEEP

    24576:uE6nXDHLmDb3mNSgm+c1KNLfLTv4uMBlxptWP/RiaXMAQkhXW/9z8K8ntM3y7YcX:upXO/MSg/c4FKTWP/RiD0k9z8K8f7EOL

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nc.zip
    1⤵
      PID:1608
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3556
      • C:\Users\Admin\Desktop\NETFLIXCHECKER-VIP.exe
        "C:\Users\Admin\Desktop\NETFLIXCHECKER-VIP.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:384

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/384-0-0x00007FF8E9543000-0x00007FF8E9544000-memory.dmp

        Filesize

        4KB

        Download

      • memory/384-1-0x000001EBEBD30000-0x000001EBEBD7A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/384-2-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-3-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-4-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-6-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-5-0x000001EBEC100000-0x000001EBEC106000-memory.dmp

        Filesize

        24KB

        Download

      • memory/384-7-0x000001EBEC1C0000-0x000001EBEC1EA000-memory.dmp

        Filesize

        168KB

        Download

      • memory/384-8-0x000001EBEC130000-0x000001EBEC13E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/384-9-0x000001EBEE280000-0x000001EBEE332000-memory.dmp

        Filesize

        712KB

        Download

      • memory/384-10-0x00007FF8E9543000-0x00007FF8E9544000-memory.dmp

        Filesize

        4KB

        Download

      • memory/384-11-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-12-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/384-13-0x00007FF8E9540000-0x00007FF8E9F2C000-memory.dmp

        Filesize

        9.9MB

        Download