Analysis
-
max time kernel
77s -
max time network
63s -
platform
windows7_x64 -
resource
win7 -
submitted
07/07/2020, 18:31
General
-
Target
Notificación de detalles bancarios.exe
-
Size
417KB
-
MD5
00b5434826c2dbec6a8a42e21b48b52b
-
SHA1
125ba9db5eaa10979451730467fd6a8fc783e578
-
SHA256
d2700790fa8bd50e3dc8fb99b0c3ce8f10fbdbf23445b38f20bf9e327f5d40ca
-
SHA512
c518d570ee60e09844ca6c4ba8f7649a29d47f3415765cd82f2885ede8a397376d3404a6c77f9b406f7541ec49b7774678a94acc71336877d1872786019dbf42
Score
7/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Notificación de detalles bancarios.exe"C:\Users\Admin\AppData\Local\Temp\Notificación de detalles bancarios.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\Notificación de detalles bancarios.exe"C:\Users\Admin\AppData\Local\Temp\Notificación de detalles bancarios.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB