Overview

overview

7

Static

static

7

aca9836738...0N.exe

windows7-x64

7

aca9836738...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    25s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 08:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aca98367382117149039b2c9f1779dc0N.exe

  • Size

    90KB

  • MD5

    aca98367382117149039b2c9f1779dc0

  • SHA1

    e0fa4aa5cc2a3de332ca1239badbebc42dc43d3c

  • SHA256

    12f8c635e03b1cf0047f3d6daed80d85fc1ed2fe253d53d7548104357ac7d4d5

  • SHA512

    b8e2bf6833b1834006cebf6717d7797b47780ea0a69468975a6d371e1db11a63dbe30b48251309f4e634e9b45eaa9f7b3520b23d8d84e4da74deef8176e03f2f

  • SSDEEP

    1536:DaUh3k8wTfzdirCduoJjvbGsQTHZnZLAKwa3fu8LihG5oiKA0QEFVZH3GXzppNMa:DNVk8wVegbGsQT5nhAcvLiHiD0QEX5wG

Score
7/10
agilenet

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aca98367382117149039b2c9f1779dc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\aca98367382117149039b2c9f1779dc0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2292 -s 604
      2⤵
        PID:2904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\8a77ccfd-9240-4f21-9c14-2bbe851b0d34\AgileDotNetRT64.dll
      Filesize

      75KB

      MD5

      42b2c266e49a3acd346b91e3b0e638c0

      SHA1

      2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

      SHA256

      adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

      SHA512

      770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

      Download Submit

    • memory/2292-0-0x000007FEF5423000-0x000007FEF5424000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2292-1-0x00000000001E0000-0x00000000001FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2292-8-0x000007FEF7790000-0x000007FEF78BC000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2292-9-0x000007FEF5420000-0x000007FEF5E0C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2292-10-0x000007FEF5423000-0x000007FEF5424000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2292-11-0x000007FEF5420000-0x000007FEF5E0C000-memory.dmp

      Filesize

      9.9MB

      Download