Overview

overview

7

Static

static

3

aec3d30b3d...55.exe

windows7-x64

7

aec3d30b3d...55.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2024 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aec3d30b3d0b684e97a5820db21dd64df2208b86eb19433a26d9aba08b2ac655.exe

  • Size

    553KB

  • MD5

    bd855bfca47e55fe6501719a6efe3358

  • SHA1

    7842b2b75624d1b60e7802d5382514969ed0fa7d

  • SHA256

    aec3d30b3d0b684e97a5820db21dd64df2208b86eb19433a26d9aba08b2ac655

  • SHA512

    3ce2c748fa78d5e7e0d64811d84f4b082a1db50db14d7f964b12110ab9bfe93ecc6882e76ca9cc8b1e6f27318f6c51b6be629a9b32a2df33727ddacf4c32ea46

  • SSDEEP

    12288:w0tCSx8YwSzqwf6ciciAVDklq5Dv1D9hNkZrMP/:wUCqwoViTAqkPDfNSr+

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aec3d30b3d0b684e97a5820db21dd64df2208b86eb19433a26d9aba08b2ac655.exe
    "C:\Users\Admin\AppData\Local\Temp\aec3d30b3d0b684e97a5820db21dd64df2208b86eb19433a26d9aba08b2ac655.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\104D3570.dll
    Filesize

    500KB

    MD5

    df107bd3a89d30ed9252275fe1b894dd

    SHA1

    91d8c92f7a1a3b8b37e2a8740ec8f58d971217dc

    SHA256

    8348bf2a42eb6a618eaf401fcf304408d91c0d37cc1a81f07e5fb770adddef61

    SHA512

    0a9ac058460796d67cf08182440763e8323b217192c0635f9a6951c114ecc7d566a74bb39cc17771053a4c267bc624e197bb6292f986307d3a3af217a3c768f1

    Download Submit
  • memory/2332-12-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-13-0x000001CE1DC20000-0x000001CE1DC3A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/2332-6-0x000001CE37EF0000-0x000001CE3800E000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2332-8-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-9-0x000001CE1DBB0000-0x000001CE1DBB6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2332-11-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-4-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-0-0x00007FF992433000-0x00007FF992435000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2332-1-0x000001CE1D770000-0x000001CE1D800000-memory.dmp
    Filesize

    576KB

    Download
  • memory/2332-14-0x000001CE1DC50000-0x000001CE1DC62000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2332-16-0x000001CE37E60000-0x000001CE37E9C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2332-18-0x00007FF992433000-0x00007FF992435000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2332-19-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-20-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2332-21-0x00007FF992430000-0x00007FF992EF1000-memory.dmp
    Filesize

    10.8MB

    Download