Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 01:05

General

  • Target

    41314bf57541a2a16c6c44442048e4ead8b7e32b562a75b5635ceae793403f32.exe

  • Size

    241KB

  • MD5

    06958a957a651fba0ec57b11d6f7e804

  • SHA1

    0f2acb54e0069ceb34555f483080440e1fa38a27

  • SHA256

    41314bf57541a2a16c6c44442048e4ead8b7e32b562a75b5635ceae793403f32

  • SHA512

    d38db4be16370a6c044aac9cfa0c173e360c28892e1e0e2cd98d511451155bcbb480484b753a5efa6be339957ad2eeb49b6f09cb3822bae9681e5057d81961e7

  • SSDEEP

    3072:X04y6+6GKGcZJ21A9bXBJVzcwJq8Dgj54CcXZ8wepBt3:XK6+6GKGcZJh9lJGwk8DgoXZ8p

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7065054355:AAGvKozyIFTruitkksV45RlLGqriLqyMLhs/

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\41314bf57541a2a16c6c44442048e4ead8b7e32b562a75b5635ceae793403f32.exe
    "C:\Users\Admin\AppData\Local\Temp\41314bf57541a2a16c6c44442048e4ead8b7e32b562a75b5635ceae793403f32.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2040-0-0x00000000740EE000-0x00000000740EF000-memory.dmp

    Filesize

    4KB

  • memory/2040-1-0x0000000000AD0000-0x0000000000B12000-memory.dmp

    Filesize

    264KB

  • memory/2040-2-0x00000000740E0000-0x00000000747CE000-memory.dmp

    Filesize

    6.9MB

  • memory/2040-3-0x00000000740EE000-0x00000000740EF000-memory.dmp

    Filesize

    4KB

  • memory/2040-4-0x00000000740E0000-0x00000000747CE000-memory.dmp

    Filesize

    6.9MB