File Name C:\Users\kEecfMwgj\Desktop\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe
Category Sample File
Type Binary
Verdict Malicious
Also Known As C:\Users\kEecfMwgj\AppData\Roaming\zwLLFjVv.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 744.50 KB
MD5 24b0be710ed42b1ec10224db8db55bf6
SHA1 597bce6e93351125632e9b92fb2ca35fca8bc75d
SHA256 89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316
SSDeep 12288:AiekMj/31humhJGu/8k9kKuB/04ZZmz3Cr/KNdS2iyNAlCj+:Fcnumiu5kKMc4Lu3rNYwSlCS
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x004B990E
Size Of Code 0x000B7A00
Size Of Initialized Data 0x00002600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2102-01-19 03:38 (UTC+1)
Version Information (11)
Comments Card Puncher
CompanyName Landskip Yard Care
FileDescription Infusion
FileVersion 1.2.0.0
InternalName ObjectN.exe
LegalCopyright Landskip Yard Care © 2021
LegalTrademarks
OriginalFilename ObjectN.exe
ProductName Infusion
ProductVersion 1.2.0.0
Assembly Version 1.2.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000B7914 0x000B7A00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.56
.rsrc 0x004BA000 0x000022BC 0x00002400 0x000B7C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.43
.reloc 0x004BE000 0x0000000C 0x00000200 0x000BA000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000B98E8 0x000B7AE8 0x00000000
Memory Dumps (12)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe 1 0x002C0000 0x0037FFFF Relevant Image False 32-bit - False
buffer 1 0x003F0000 0x00408FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x00600000 0x00602FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x05DD0000 0x05E3AFFF Reflectively Loaded .NET Assembly False 32-bit - False
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe 1 0x002C0000 0x0037FFFF Final Dump False 32-bit - False
buffer 1 0x04B30000 0x04B66FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 5 0x00400000 0x00439FFF Content Changed False 32-bit - False
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe 5 0x002C0000 0x0037FFFF Relevant Image False 32-bit - False
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe 1 0x002C0000 0x0037FFFF Process Termination False 32-bit - False
zwllfjvv.exe 10 0x00920000 0x009DFFFF Relevant Image False 32-bit - False
buffer 10 0x00760000 0x00778FFF Reflectively Loaded .NET Assembly False 32-bit - False
zwllfjvv.exe 10 0x00920000 0x009DFFFF Final Dump False 32-bit - False
File Name c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 108.45 KB
MD5 35ffdd428e3d7484fd32f150a6a2b375
SHA1 eab8b90e6c38e3ee130227141f266421901b4ab9
SHA256 8186ee97b83e9ebaaad411ee91050beb5ecdafc34fd88f0d4e0b318d6654bcb6
SSDeep 768:tU33iHuvsHgTllu54o9Bx68tSWSww+oOVjHBBpWkpJJiKJEI0UaXLPo4lXif:amuvsHgTllpojxGjOVjckpJJiKJorgf
ImpHash -
File Name c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 8.03 KB
MD5 3b124f39977734e519b4d76da3fd1429
SHA1 93258edf50199af514b466e27af94b44f9eee8a7
SHA256 790a6af00576b6ee07663cf571a92e5b72379c9d24f3599af1fa9fec8aeb168a
SSDeep 3:5tmlNlPlcy:5tm/
ImpHash -
File Name C:\Users\kEecfMwgj\AppData\Local\Temp\tmp9370.tmp
Category Dropped File
Type Text
Verdict Clean
MIME Type text/xml
File Size 1.56 KB
MD5 3ebbb27bfcb424481bb5262faa796ec0
SHA1 692a1a7470826d80fa7004085e0af2d3b3a248c6
SHA256 f76019ef7e45f262e57b72ba801065cb11d5f64896056c84d309296f03e96c51
SSDeep 48:cgeD1N14YrFdOFzOzN33ODOiDdKrsuTrv:HeD1gYrFdOFzOz6dKrsuX
ImpHash -
File Name b5a21327195e386b76f3b3342150cd99ce579fa406e733e2a4952a61eabc5330
Category Extracted File
Type Image
Verdict Clean
Parent File C:\Users\kEecfMwgj\AppData\Roaming\zwLLFjVv.exe
MIME Type image/png
File Size 7.59 KB
MD5 af8544beda983d157d6568be6b31754e
SHA1 f623a04a86d4f1c8d07827c3caeb54add9a77083
SHA256 b5a21327195e386b76f3b3342150cd99ce579fa406e733e2a4952a61eabc5330
SSDeep 192:1SO799d6WRNFZDzuRDdY0FdB3SngJQoecTgDka+5utpTU/ECSolS477314QI:U4nIRG0FjHO7wa+WpQ/EX0hNI
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot
[Before / After screenshot panels; images not included in this export]