Overview

overview

8

Static

static

Nuevo docu...d..exe

windows7_x64

8

Nuevo docu...d..exe

windows10_x64

8

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    16-04-2021 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nuevo documento de confirmación de solicitud..exe

  • Size

    812KB

  • MD5

    ca9350da27b53b25146a0d8b6913b06c

  • SHA1

    f54b3cb317ac7410ea510839718484595534f533

  • SHA256

    d509a1aac6989c651953416b29ee6c949eba0be53df193b29e2e95e5b9e4635e

  • SHA512

    9e5724f58bc1da17358903d4a3d7436881dba63f430ce2b4b7e015709473e48552fde778efe2b0e1ee9877d0e1d2f311855961bd6c100ed1f2683240f87b94f7

Score
8/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nuevo documento de confirmación de solicitud..exe
    "C:\Users\Admin\AppData\Local\Temp\Nuevo documento de confirmación de solicitud..exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\dialer.exe
      C:\Windows\System32\dialer.exe
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1004-66-0x0000000000000000-mapping.dmp

    Download

  • memory/1004-68-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1004-73-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1004-72-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1004-74-0x0000000010410000-0x00000000107F4000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1096-60-0x0000000075201000-0x0000000075203000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1096-61-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1096-63-0x0000000000280000-0x000000000029A000-memory.dmp

    Filesize

    104KB

    Download