Try VMRay Platform
Malicious
Classifications

Spyware Injector

Threat Names

AgentTesla AgentTesla.v4

Dynamic Analysis Report

Created on 2024-02-12T12:53:23+00:00

vzow7cdZzDgRToZ - Copy.exe

Windows Exe (x86-32)
...

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 minutes, 59 seconds" to "10 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\vzow7cdZzDgRToZ - Copy.exe Sample File Binary
Malicious
...
»
Also Known As C:\Users\kEecfMwgj\AppData\Roaming\UwHfPvZrqN.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 682.00 KB
MD5 59fcffaf858a44e45df79af6d8da3731 Copy to Clipboard
SHA1 2efa4f9b5d0bded1992cbf0892fd42829deea3ef Copy to Clipboard
SHA256 929e32de615a07a4d2635f30c071b1c4b7843a64caedc2f381122d8df25ee473 Copy to Clipboard
SSDeep 12288:l6EzqHKMbNozEDBH0Eqk88aFlJ65jniQwtdUCKyh4e3ueRNRBCkspl3SF:lRz87b42HjnepeYbMbi Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
PE Information
»
Image Base 0x00400000
Entry Point 0x004A9A4A
Size Of Code 0x000A7C00
Size Of Initialized Data 0x00002A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-02-12 03:13 (UTC)
Version Information (11)
»
Comments -
CompanyName -
FileDescription Transformations
FileVersion 2.0.0.0
InternalName fPZCHvd.exe
LegalCopyright -
LegalTrademarks -
OriginalFilename fPZCHvd.exe
ProductName Transformations
ProductVersion 2.0.0.0
Assembly Version 3.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000A7AC8 0x000A7C00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.97
.rsrc 0x004AA000 0x000026FC 0x00002800 0x000A7E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.59
.reloc 0x004AE000 0x0000000C 0x00000200 0x000AA600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000A9A20 0x000A7C20 0x00000000
Memory Dumps (14)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
vzow7cdzzdgrtoz - copy.exe 1 0x01230000 0x012DFFFF Relevant Image False 32-bit - False
...
buffer 1 0x003B0000 0x003BDFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x00570000 0x00574FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x00580000 0x00588FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x00570000 0x00574FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x04E80000 0x04F01FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
vzow7cdzzdgrtoz - copy.exe 1 0x01230000 0x012DFFFF Final Dump False 32-bit - False
...
vzow7cdzzdgrtoz - copy.exe 1 0x01230000 0x012DFFFF Process Termination False 32-bit - False
...
uwhfpvzrqn.exe 12 0x00850000 0x008FFFFF Relevant Image False 32-bit - False
...
buffer 12 0x003F0000 0x003FDFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 12 0x00660000 0x00664FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 12 0x00680000 0x00688FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 12 0x059D0000 0x05A51FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
uwhfpvzrqn.exe 12 0x00850000 0x008FFFFF Process Termination False 32-bit - False
...
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 108.52 KB
MD5 fb635f33491089b63450c38f7e377043 Copy to Clipboard
SHA1 02bdffe03b1e86f37fcab05c8eeb9669b01569ef Copy to Clipboard
SHA256 8ea1a8a1723bec39fa02ccaf05b6345755143ed8aaefc8a13efb72497b187052 Copy to Clipboard
SSDeep 768:0U3VHXvjI3HgTliu9eRXKSww+EOBfHBBpWkJJniKZEIa0pWDiAl4eBXooY4:ZXvs3HgTliu0OBfckJJniKZGCAtZY Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 108.52 KB
MD5 78a2f192f949b36aa7e857adf84443c2 Copy to Clipboard
SHA1 a885e038ca65a00d3955db7a05d1066bbc892d31 Copy to Clipboard
SHA256 a3003de3461bcd5415bb94d007bbe539675279f99f0e0772a5735b4a68bf844a Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 108.52 KB
MD5 d7cad5355c6a826e372084a9abd0d0c2 Copy to Clipboard
SHA1 7a5942d88513682d8e361307ba89510c5849fdc5 Copy to Clipboard
SHA256 50b195cace478e6c1e449aaee4f8dfb9859afa141fd232976f9661d2ff83abae Copy to Clipboard
SSDeep 768:0U3VHXvjI3HgTlNu9oRXCSww+EOlfHBBpWkJJFiK7EIa0pWDiAl4eBXoof4:ZXvs3HgTlNuiOlfckJJFiK7GCAtZf Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 8.03 KB
MD5 72fb647b2d0483e680783b144fe9cc8a Copy to Clipboard
SHA1 a91a706ae2b1d6070e2d68c42dfa487baa906731 Copy to Clipboard
SHA256 2be64981c880589971a44f69e41bd016120f06a6475e3ba3aed629edeaecc8a9 Copy to Clipboard
SSDeep 3:5tmlNlv08s:5tmi8s Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp4AA6.tmp Dropped File Text
Clean
...
»
Also Known As C:\Users\kEecfMwgj\AppData\Local\Temp\tmpB90C.tmp (Dropped File, Accessed File)
MIME Type text/xml
File Size 1.56 KB
MD5 645df9f33e866605beb10dc2a0f08436 Copy to Clipboard
SHA1 c5462f6598a4f17ccd7358c7a5c1f944722efe28 Copy to Clipboard
SHA256 75887ebd66d802c69badc7446cd134b7e9e5ea1c2b41d1b78b7b44396134eb47 Copy to Clipboard
SSDeep 48:cgeD1N14YrFdOFzOzN33ODOiDdKrsuTXv:HeD1gYrFdOFzOz6dKrsuD Copy to Clipboard
ImpHash -
1a95ef6e164b7b75a798264283d1207315732bb7b02cc56c4a6c95d51da6b8ca Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 12 Bytes
MD5 fe9ff3066fe8164afd6e58254136c014 Copy to Clipboard
SHA1 c25dfd9956f9d91b3470c8b920a129207baf0144 Copy to Clipboard
SHA256 1a95ef6e164b7b75a798264283d1207315732bb7b02cc56c4a6c95d51da6b8ca Copy to Clipboard
SSDeep 3:Cec:o Copy to Clipboard
ImpHash -
c09fee461158e4edda781a2537f32fa77969a6dd7ce6561936131e5c3cc4ce59 Extracted File Image
Clean
...
»
Parent File C:\Users\kEecfMwgj\AppData\Roaming\UwHfPvZrqN.exe
MIME Type image/png
File Size 8.73 KB
MD5 8d70e81f12751224e49523bd2a07f569 Copy to Clipboard
SHA1 f6be85d0b576818bb1e4bc9c88ab3bbd91baab83 Copy to Clipboard
SHA256 c09fee461158e4edda781a2537f32fa77969a6dd7ce6561936131e5c3cc4ce59 Copy to Clipboard
SSDeep 192:1SmzOfJNZkXDs2mkznyPxZik4Ma8hhiPA+TVugm1tjOwTR7I:Umz8CoF4nsPgMri4WI5r0 Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image