e82407b9d89827f01c08e482aa0a5808a41a05aecb57c53978dcba6954f77f6f

General

Target

documentos de pago.PDF____________________.bat.exe
Size

513KB
MD5

87d0de47cfc3570a738994f802f271f8
SHA1

908bee5ded17cd82b1a46025d1adfc4d5d5d43c3
SHA256

e82407b9d89827f01c08e482aa0a5808a41a05aecb57c53978dcba6954f77f6f
SHA512

0b6c2cf1d0a1f0b33392303adc1fb4fc2df45bf6e980f5beeb8346ef6a6303c87439d41ce0b6c4163d6b05ed13a027c61aaa5f1eacf19f53e41150d0004b7a48

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

documentos de pago.PDF____________________.bat.exe

pid	process
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe
1408	documentos de pago.PDF____________________.bat.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

documentos de pago.PDF____________________.bat.exe

description pid process

Token: SeDebugPrivilege 1408 documentos de pago.PDF____________________.bat.exe

description	pid	process
Token: SeDebugPrivilege	1408	documentos de pago.PDF____________________.bat.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

documentos de pago.PDF____________________.bat.exe

C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
"C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
  "C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
  2⤵
  PID:912
- C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
  "C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
  2⤵
  PID:604
- C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
  "C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
  2⤵
  PID:1724
- C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
  "C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
  2⤵
  PID:752
- C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe
  "C:\Users\Admin\AppData\Local\Temp\documentos de pago.PDF____________________.bat.exe"
  2⤵
  PID:1804

description	pid	process	target process
PID 1408 wrote to memory of 912	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 912	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 912	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 912	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 604	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 604	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 604	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 604	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1724	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1724	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1724	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1724	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 752	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 752	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 752	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 752	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1804	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1804	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1804	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe
PID 1408 wrote to memory of 1804	1408	documentos de pago.PDF____________________.bat.exe	documentos de pago.PDF____________________.bat.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads