Try VMRay Platform
Malicious
Classifications

Spyware

Threat Names

AgentTesla.v3

Dynamic Analysis Report

Created on 2022-05-04T15:48:31+00:00

7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\AppData\Roaming\lyfhOEwABQlG.exe Sample File Binary
Malicious
...
»
Also Known As C:\Users\RDhJ0CNFevzX\Desktop\7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915.exe (Sample File, Accessed File, VM File)
MIME Type application/vnd.microsoft.portable-executable
File Size 523.50 KB
MD5 4c414b473bccbbce2c7cde00248ea1a1 Copy to Clipboard
SHA1 77bf848d5a1d4d0fdc252aa170e7b8af19bcc012 Copy to Clipboard
SHA256 7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915 Copy to Clipboard
SSDeep 12288:P2L2I3WfZbHLfAFrv3fjx5u45RXKmMPA6KAzVb9Dg+qyx2H:P25I17A1vtg43KpPA6Nb98+qyx2H Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x00400000
Entry Point 0x0048405A
Size Of Code 0x00082200
Size Of Initialized Data 0x00000A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2085-03-23 06:33 (UTC+1)
Version Information (11)
»
Comments
CompanyName sandboxie-plus.com
FileDescription Sandboxie Installer
FileVersion 1.0.0.0
InternalName PolicyExcept.exe
LegalCopyright Copyright © 2020-2021 by David Xanatos (xanasoft.com)
LegalTrademarks
OriginalFilename PolicyExcept.exe
ProductName Sandboxie
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x00082060 0x00082200 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.97
.rsrc 0x00486000 0x0000063C 0x00000800 0x00082400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.51
.reloc 0x00488000 0x0000000C 0x00000200 0x00082C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00084030 0x00082230 0x00000000
Memory Dumps (7)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915.exe 1 0x00400000 0x00489FFF Relevant Image False 32-bit - False False
...
buffer 1 0x04880000 0x04891FFF Reflectively Loaded .NET Assembly False 32-bit - False False
...
buffer 1 0x07B90000 0x07C07FFF Reflectively Loaded .NET Assembly False 32-bit - False False
...
7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915.exe 1 0x00400000 0x00489FFF Final Dump False 32-bit - False False
...
buffer 1 0x07C50000 0x07C86FFF Reflectively Loaded .NET Assembly False 32-bit - False False
...
buffer 7 0x00400000 0x00439FFF Content Changed False 32-bit - False False
...
7bb212946fdeb406c7aa8f691405d185065514d5dc1f269f8e409762ff9f6915.exe 1 0x00400000 0x00489FFF Process Termination False 32-bit - False False
...
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp5E17.tmp Dropped File Text
Clean
...
»
MIME Type text/xml
File Size 1.56 KB
MD5 1b0cc920473b14702fc64124086b55fd Copy to Clipboard
SHA1 6926d0d67f4847eb337b73f41520952c897bedbc Copy to Clipboard
SHA256 4bd27107d3e82c384f92c2f65d1b98f7c8215fe19f68302e955d1e0663d07d98 Copy to Clipboard
SSDeep 24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtIxvn:cge2UYrFdOFzOzN33ODOiDdKrsuTov Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image