4b8766194b1bd178d67178826cce15ee734ace9a32e7535b694d4e72fd172cde

Resubmissions

17/11/2024, 20:54

241117-zp1hfsycjm 7

Analysis

max time kernel
150s
max time network
148s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17/11/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Felk/Felk.exe
Size

1.4MB
MD5

6048db38aa4a61979ee56fdfa2ac4632
SHA1

9258a870a19c48feedb09d653b05f2417fd39cef
SHA256

45b11b72851723dc55ad244d58563d8024dbcb67dc61734776545043a6786492
SHA512

903f98b4cc4ab9290b1c8527713d50524abc424198822ec1737c9fa6ce4766d9a96f182ea24005c76ec53e12a0bee75aa137532dc02d2389df6a6358aa144b40
SSDEEP

12288:2CsmKysMAMhMTMVxu2LCMVxuiMVxuiMVxuhg+lE3MmM:2fMAMhM4xKKggqE3MmM

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2612	Felk.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral3/memory/2612-2-0x0000013FDAFE0000-0x0000013FDB22C000-memory.dmp	agile_net

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe
2612	Felk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2612	Felk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2612	Felk.exe
2612	Felk.exe

C:\Users\Admin\AppData\Local\Temp\Felk\Felk.exe
"C:\Users\Admin\AppData\Local\Temp\Felk\Felk.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\41a9119e-2bb1-41eb-a7e2-13c2a2bee220\GunaDotNetRT64.dll

Filesize
142KB

MD5
9c43f77cb7cff27cb47ed67babe3eda5

SHA1
b0400cf68249369d21de86bd26bb84ccffd47c43

SHA256
f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

SHA512
cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

Download Submit
memory/2612-17-0x0000013FE1EC0000-0x0000013FE1F18000-memory.dmp

Filesize
352KB

Download
memory/2612-14-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-10-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-11-0x00007FFE193B0000-0x00007FFE193D7000-memory.dmp

Filesize
156KB

Download
memory/2612-12-0x0000013FC1920000-0x0000013FC197C000-memory.dmp

Filesize
368KB

Download
memory/2612-9-0x00007FFE14B50000-0x00007FFE14C9F000-memory.dmp

Filesize
1.3MB

Download
memory/2612-1-0x0000013FBFA30000-0x0000013FBFB8C000-memory.dmp

Filesize
1.4MB

Download
memory/2612-18-0x00007FFE060D3000-0x00007FFE060D5000-memory.dmp

Filesize
8KB

Download
memory/2612-0-0x00007FFE060D3000-0x00007FFE060D5000-memory.dmp

Filesize
8KB

Download
memory/2612-15-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-2-0x0000013FDAFE0000-0x0000013FDB22C000-memory.dmp

Filesize
2.3MB

Download
memory/2612-16-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-13-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-19-0x0000013FE15B0000-0x0000013FE15B8000-memory.dmp

Filesize
32KB

Download
memory/2612-20-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-21-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-22-0x00007FFE193B0000-0x00007FFE193D7000-memory.dmp

Filesize
156KB

Download
memory/2612-23-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-24-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-25-0x0000013FDC020000-0x0000013FDC78B000-memory.dmp

Filesize
7.4MB

Download
memory/2612-26-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-27-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download
memory/2612-28-0x00007FFE060D0000-0x00007FFE06B92000-memory.dmp

Filesize
10.8MB

Download