Overview

overview

10

Static

static

5

7488ca7862...0e.exe

windows7-x64

10

7488ca7862...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2024, 01:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7488ca7862e4f048641887a7b5871c2c6951a7b0bb7c1fe2280791ee67c3170e.exe

  • Size

    1.2MB

  • MD5

    0ed3cf6d08a004d3a2919aa83f1322a6

  • SHA1

    a4d661a75085cc9ad1d5c43a0a6a231df19f6c71

  • SHA256

    7488ca7862e4f048641887a7b5871c2c6951a7b0bb7c1fe2280791ee67c3170e

  • SHA512

    888337ade4c215c301d02256f81d148f71aeed3e4b938272168f23909730fca11a9d9a3797b6d8857f7ef8cb79a40f2f9460bb9e4c11ef68d1437216e77d84a2

  • SSDEEP

    24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaUFB3WbQa/R9szWv0D5:Wh+ZkldoPK8YaULza/b0Wvo

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7488ca7862e4f048641887a7b5871c2c6951a7b0bb7c1fe2280791ee67c3170e.exe
    "C:\Users\Admin\AppData\Local\Temp\7488ca7862e4f048641887a7b5871c2c6951a7b0bb7c1fe2280791ee67c3170e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\7488ca7862e4f048641887a7b5871c2c6951a7b0bb7c1fe2280791ee67c3170e.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2620

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Gehman
          Filesize

          262KB

          MD5

          774d2a06cf8b151348074b4d98a0604f

          SHA1

          dd9fc030835ba20611a2297ef93c868a88d63377

          SHA256

          13c49c7dfe916cb12438f15b7ce4ed3118a058a601f23af2acf07e6f96446239

          SHA512

          409748f76e589a84fc992f74281bff244af7c0248d8e7022896730c0d02527f7813b9138df665496a856200c20fb16a7f8a05a9cbd6057836020c021b2f34abb

          Download Submit

        • memory/808-11-0x0000000000120000-0x0000000000124000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2620-12-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2620-14-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2620-15-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2620-16-0x000000007418E000-0x000000007418F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2620-17-0x0000000000450000-0x00000000004A4000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2620-18-0x0000000000C30000-0x0000000000C82000-memory.dmp

          Filesize

          328KB

          Download

        • memory/2620-19-0x0000000074180000-0x000000007486E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2620-20-0x0000000074180000-0x000000007486E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2620-21-0x0000000074180000-0x000000007486E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2620-73-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-41-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-23-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-22-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-81-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-79-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-77-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-75-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-71-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-69-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-67-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-65-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-63-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-61-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-59-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-57-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-55-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-53-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-51-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-49-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-47-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-45-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-43-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-39-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-37-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-35-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-33-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-31-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-29-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-27-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-1052-0x0000000074180000-0x000000007486E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2620-25-0x0000000000C30000-0x0000000000C7D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2620-1053-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2620-1054-0x000000007418E000-0x000000007418F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2620-1055-0x0000000074180000-0x000000007486E000-memory.dmp

          Filesize

          6.9MB

          Download