1d54f75b31713396cf394bcc659ec80470eff7a3c90bb66b179e80775286e9c5

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlitzedV12/BlitzedGrabberV12.exe
Size

1.9MB
MD5

006cd7ac7f04dfecdb6c58c9e380aca0
SHA1

fd06e16fd731dacb516a945a6cb619b30ecf7ff4
SHA256

b0ec85887a9ad75110914916ab2a2d45487e4b65713d4272c050430d80665e64
SHA512

47014779312ec5d9481a3c2c97d7e48884e8f61b7a03ee980c2b40fb9e32cfa078554abc45b67d04f6786d2013b0cec0d8be700bda150990f7c44dc6469bef09
SSDEEP

49152:MmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG:z49wi73fWc

Score

7^/10

agilenet discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2220	BlitzedGrabberV12.exe

Obfuscated with Agile.Net obfuscator 33 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2220-3-0x0000000005250000-0x0000000005442000-memory.dmp	agile_net
behavioral1/memory/2220-12-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-15-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-13-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-17-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-21-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-23-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-25-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-27-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-31-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-35-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-37-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-39-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-33-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-29-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-19-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-41-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-49-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-60-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-65-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-73-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-51-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-71-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-69-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-67-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-63-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-61-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-57-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-55-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-53-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-47-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-45-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net
behavioral1/memory/2220-43-0x0000000005250000-0x000000000543E000-memory.dmp	agile_net

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlitzedGrabberV12.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2220	BlitzedGrabberV12.exe
2220	BlitzedGrabberV12.exe

C:\Users\Admin\AppData\Local\Temp\BlitzedV12\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedV12\BlitzedGrabberV12.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BlitzedV12\BlitzedGrabberV12.exe.Config

Filesize
320B

MD5
c6e6fc3cdec0ad213d9330a9b630fd5c

SHA1
ed4278e0e4b9d1b47fbe92ca2f98af62e5d6c027

SHA256
96c2db8d8037a20cc6550c935f9a11da70f84a2bc64a1be1807b06bc1bda2492

SHA512
37ee70ae328547b684db668ce59c9f7eea672184fb1f5ed41341a0fab84bbe0419f0706742832fc6f1ae78e474cd1d3f5f757fc9c44ed0ca557101a733532e0f

Download Submit
\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
memory/2220-60-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-33-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-2-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-12-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-15-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-13-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-17-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-21-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-23-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-25-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-27-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-31-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-35-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-37-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-39-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-65-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-29-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-19-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-11-0x0000000073F80000-0x0000000074000000-memory.dmp

Filesize
512KB

Download
memory/2220-10-0x00000000739A0000-0x00000000739D7000-memory.dmp

Filesize
220KB

Download
memory/2220-41-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-49-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-3-0x0000000005250000-0x0000000005442000-memory.dmp

Filesize
1.9MB

Download
memory/2220-0-0x000000007418E000-0x000000007418F000-memory.dmp

Filesize
4KB

Download
memory/2220-11667-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-51-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-71-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-69-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-67-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-63-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-61-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-57-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-55-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-53-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-47-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-45-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-43-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-11666-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-73-0x0000000005250000-0x000000000543E000-memory.dmp

Filesize
1.9MB

Download
memory/2220-11668-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-1-0x00000000010C0000-0x00000000012B0000-memory.dmp

Filesize
1.9MB

Download
memory/2220-11676-0x000000007418E000-0x000000007418F000-memory.dmp

Filesize
4KB

Download
memory/2220-11677-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-11678-0x00000000739A0000-0x00000000739D7000-memory.dmp

Filesize
220KB

Download
memory/2220-11679-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-11680-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download