Overview

overview

10

Static

static

Copia de l...ia.vbs

windows7_x64

8

Copia de l...ia.vbs

windows10_x64

8

Copia de l...er.exe

windows7_x64

5

Copia de l...er.exe

windows10_x64

5

Copia de l...A S.js

windows7_x64

10

Copia de l...A S.js

windows10_x64

10

Analysis

  • max time kernel
    299s
  • max time network
    320s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-07-2021 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Requer.exe

  • Size

    792KB

  • MD5

    c6110aa7ac18ab20d2a402792bddf18c

  • SHA1

    58283d8319b7b61869484cea210462d66118bfd9

  • SHA256

    af6f738044f9f5c188557f3e6a72ad130aa32fb25d15d3826f250abd25cb7b95

  • SHA512

    6c4a16ea11d5d596b3313898c2d734d5f034f4229c8a56a9d9a64a96d646ce703d238318bb7171064347ce866a97a989977b19daf3f17543098c7e179352aae4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM\Requer.exe
    "C:\Users\Admin\AppData\Local\Temp\Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM\Requer.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "{path}"
      2⤵
        PID:1692
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "{path}"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/368-65-0x0000000000400000-0x000000000040C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/368-66-0x000000000040677E-mapping.dmp
      Download
    • memory/368-67-0x0000000000400000-0x000000000040C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/368-69-0x00000000049A0000-0x00000000049A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1668-59-0x0000000000B90000-0x0000000000B91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1668-61-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1668-62-0x00000000003B0000-0x00000000003B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1668-63-0x0000000004AD0000-0x0000000004B43000-memory.dmp
      Filesize

      460KB

      Download
    • memory/1668-64-0x00000000006F0000-0x0000000000715000-memory.dmp
      Filesize

      148KB

      Download