agenttesla | b23c16643bf0ee432042493f8d9156021f0bab84b18517ba6cf0a75b721b6925

Analysis

max time kernel
92s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 13:28

Target

Product Order Inquiry 37674309.exe
Size

602KB
MD5

0e67cad7c6a52f0ce71753e2d878f009
SHA1

cb0c5bf0531044751e3a8be21ac76795e03c7251
SHA256

b23c16643bf0ee432042493f8d9156021f0bab84b18517ba6cf0a75b721b6925
SHA512

18b6adff896d68a0a4e2c2ed300ba58691e77be89e83f8fdb34b20fcd30fabd22b7fb1d1a90568ca65916f9ed6ab022b04d0520be1311e62391139bc4cc9afa9
SSDEEP

12288:fbFktg5m832TKYKr+zADCjZbQgCELjnbXX9dysE6tb2EW2IQ5mSAa6:fbFkNT5Kazw4JQDELjnbXX9Uh6hWP4md

Score

10^/10

Credentials

Family

agenttesla

Credentials

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3324 set thread context of 2288	3324	Product Order Inquiry 37674309.exe	84

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2288	CasPol.exe
2288	CasPol.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	CasPol.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84
PID 3324 wrote to memory of 2288	3324	Product Order Inquiry 37674309.exe	84

memory/2288-8-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/2288-11-0x0000000006580000-0x000000000661C000-memory.dmp

Filesize
624KB

Download
memory/2288-15-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/2288-14-0x000000007501E000-0x000000007501F000-memory.dmp

Filesize
4KB

Download
memory/2288-4-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2288-5-0x000000007501E000-0x000000007501F000-memory.dmp

Filesize
4KB

Download
memory/2288-13-0x00000000068A0000-0x00000000068AA000-memory.dmp

Filesize
40KB

Download
memory/2288-12-0x0000000006900000-0x0000000006992000-memory.dmp

Filesize
584KB

Download
memory/2288-10-0x0000000006340000-0x0000000006390000-memory.dmp

Filesize
320KB

Download
memory/2288-7-0x0000000005500000-0x0000000005566000-memory.dmp

Filesize
408KB

Download
memory/2288-6-0x0000000005A40000-0x0000000005FE4000-memory.dmp

Filesize
5.6MB

Download
memory/3324-0-0x000001F444CD0000-0x000001F444CDA000-memory.dmp

Filesize
40KB

Download
memory/3324-9-0x00007FFAF4F40000-0x00007FFAF5A01000-memory.dmp

Filesize
10.8MB

Download
memory/3324-1-0x00007FFAF4F43000-0x00007FFAF4F45000-memory.dmp

Filesize
8KB

Download
memory/3324-3-0x00007FFAF4F40000-0x00007FFAF5A01000-memory.dmp

Filesize
10.8MB

Download
memory/3324-2-0x000001F45F4D0000-0x000001F45F566000-memory.dmp

Filesize
600KB

Download