Overview

overview

10

Static

static

10

Release/Guna.UI2.dll

windows7-x64

1

Release/Guna.UI2.dll

windows10-2004-x64

1

Release/HA...or.exe

windows7-x64

3

Release/HA...or.exe

windows10-2004-x64

Analysis

  • max time kernel
    31s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 05:41

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Release/HAVOC-Injector.exe

  • Size

    7.3MB

  • MD5

    8c7749c7bad82ce89360100c85aade36

  • SHA1

    c15469f1e1e670f526962a57d9da7dfb86f78fa4

  • SHA256

    bd999cdb5d849091a18dca558820f2a81358d5287f8aacbb1ba2fe1219b75b17

  • SHA512

    c8661b24823be7d25f0a979206c931e28e19d0e46861c49c0ba201ce6a7b86ef479a81457525a315663b48f4197000b17cc1aba40b4df47bebf13897e29b6f47

  • SSDEEP

    196608:EC3xHVal0QebYVrIFWUT/TEZN7tRkaYQGaKYbzjqzKXi9mH4X:Dh1y0QXrIFWUEZrRzbzjBXi9Q4

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Release\HAVOC-Injector.exe
    "C:\Users\Admin\AppData\Local\Temp\Release\HAVOC-Injector.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4308-0-0x00007FFABC2B3000-0x00007FFABC2B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4308-1-0x000001CD79420000-0x000001CD79B66000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/4308-2-0x000001CD7C460000-0x000001CD7C672000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4308-3-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-4-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-5-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-6-0x00007FFABC2B3000-0x00007FFABC2B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4308-7-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-8-0x000001CD7C680000-0x000001CD7C829000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4308-9-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-10-0x00007FFABC2B0000-0x00007FFABCD71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-11-0x000001CD7C680000-0x000001CD7C829000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4308-12-0x000001CD7C680000-0x000001CD7C829000-memory.dmp

    Filesize

    1.7MB

    Download