b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780

Analysis

max time kernel
105s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780.exe
Size

254KB
MD5

10f73f10bdd83a02a89e2dea57bcdb7c
SHA1

8e0fb3c8d3f341fd7ed7a3f94209418202a5467a
SHA256

b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780
SHA512

c1eab746d2c529ba3006498982cc647e63260f02aa56ceedc313a776147a49ebfa23e97122a779db345c92223733f5b7321685a1fea468e5da4efc0f503a73d1
SSDEEP

3072:bGsbKonnfnoSGQWAFFWctEy21h4PQCDWimf4tI+45YCqYcQUhUAEABL5Ob/6XpmY:bGUnfoShWPh6JtI+6PcphkUSyXpmppf

Score

7^/10

agilenet discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5148	b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/memory/5148-1-0x0000000000700000-0x0000000000746000-memory.dmp	agile_net

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780.exe

C:\Users\Admin\AppData\Local\Temp\b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780.exe
"C:\Users\Admin\AppData\Local\Temp\b5048d690d3f4da32eb120c8c290f637fe46fd01c17434ff66b011a79ed99780.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2aee5b5b-355d-42c4-b489-e2e83e6dfe7c\AgileDotNetRT.dll

Filesize
120KB

MD5
a29c3316f8e89dcfe7e9e853d7173527

SHA1
b5ff8f9f9298ac05f16fe715200ef6b06cfd4a98

SHA256
99cbe880112f80b7f7dffb285452694ac9a338e49d0e96584ea9ae1850fc59dd

SHA512
f83363abb8930d54be334a72932dea99e87ef2ff36b07b263a19743f2a8fbd11af310323837a863b51f99efd910c90d5b7373c9d3da1628de3888215197b4998

Download Submit
memory/5148-0-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/5148-1-0x0000000000700000-0x0000000000746000-memory.dmp

Filesize
280KB

Download
memory/5148-9-0x0000000073470000-0x00000000734F9000-memory.dmp

Filesize
548KB

Download
memory/5148-11-0x00000000729A0000-0x00000000729D3000-memory.dmp

Filesize
204KB

Download
memory/5148-10-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/5148-13-0x00000000729A0000-0x00000000729D3000-memory.dmp

Filesize
204KB

Download
memory/5148-14-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download