12a01456576f166020746a82a085fe61bd8cf45c2d017a39fee493c5fe76235a

General

Target

IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe
Size

491KB
MD5

7114e0214ac5ba37b67f749538245a53
SHA1

71dc51536dd72607ad54f7bf34dede9827a9b07a
SHA256

12a01456576f166020746a82a085fe61bd8cf45c2d017a39fee493c5fe76235a
SHA512

28b901781456b6334d1ea5e0b201207ea6f1046a90d4694972bbd2b4fd64116bc8f804559f7e6be13766443fa019a9379aa5d26d9c162456c593405af92058f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe

description	pid	process	target process
PID 1732 wrote to memory of 1988	1732	IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe	dw20.exe
PID 1732 wrote to memory of 1988	1732	IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe	dw20.exe
PID 1732 wrote to memory of 1988	1732	IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe	dw20.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

dw20.exe

description pid process

Token: SeRestorePrivilege 1988 dw20.exe
Token: SeBackupPrivilege 1988 dw20.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

dw20.exe

pid process

1988 dw20.exe
1988 dw20.exe

description	pid	process
Token: SeRestorePrivilege	1988	dw20.exe
Token: SeBackupPrivilege	1988	dw20.exe

pid	process
1988	dw20.exe
1988	dw20.exe

C:\Users\Admin\AppData\Local\Temp\IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe
"C:\Users\Admin\AppData\Local\Temp\IMG 260520 Solicitud de pago de factura morosa por 1.643.000 (Un millon seiscientos cuarenta y tres mil pesos COP).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 864
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-0-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1988-1-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1988-3-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-4-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/1988-5-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-6-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-8-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-7-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-9-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-10-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-11-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-12-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-13-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-14-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-15-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-16-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-17-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-18-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-19-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-20-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-21-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-22-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-23-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-24-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-25-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-26-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-27-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-28-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-29-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-30-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-31-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-32-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-33-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-34-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-35-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-36-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-37-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-38-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-39-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-40-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-41-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-42-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-43-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-44-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-45-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-46-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-47-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-48-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-49-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-50-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-51-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1988-52-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads