Overview

overview

10

Static

static

Copia de l...ia.vbs

windows7_x64

8

Copia de l...ia.vbs

windows10_x64

8

Copia de l...er.exe

windows7_x64

5

Copia de l...er.exe

windows10_x64

5

Copia de l...A S.js

windows7_x64

10

Copia de l...A S.js

windows10_x64

10

Analysis

  • max time kernel
    300s
  • max time network
    302s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    06-07-2021 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Requer.exe

  • Size

    792KB

  • MD5

    c6110aa7ac18ab20d2a402792bddf18c

  • SHA1

    58283d8319b7b61869484cea210462d66118bfd9

  • SHA256

    af6f738044f9f5c188557f3e6a72ad130aa32fb25d15d3826f250abd25cb7b95

  • SHA512

    6c4a16ea11d5d596b3313898c2d734d5f034f4229c8a56a9d9a64a96d646ce703d238318bb7171064347ce866a97a989977b19daf3f17543098c7e179352aae4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM\Requer.exe
    "C:\Users\Admin\AppData\Local\Temp\Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM\Requer.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "{path}"
      2⤵
        PID:4052
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "{path}"
        2⤵
          PID:4060
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
          "{path}"
          2⤵
            PID:2008
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
            "{path}"
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:3112

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3112-125-0x000000000040677E-mapping.dmp
          Download
        • memory/3112-133-0x00000000055B0000-0x00000000055B1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3112-131-0x0000000005300000-0x00000000057FE000-memory.dmp
          Filesize

          5.0MB

          Download
        • memory/3112-124-0x0000000000400000-0x000000000040C000-memory.dmp
          Filesize

          48KB

          Download
        • memory/3948-118-0x0000000005380000-0x0000000005381000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3948-119-0x00000000051A0000-0x000000000569E000-memory.dmp
          Filesize

          5.0MB

          Download
        • memory/3948-121-0x0000000005510000-0x0000000005512000-memory.dmp
          Filesize

          8KB

          Download
        • memory/3948-122-0x0000000006EE0000-0x0000000006F53000-memory.dmp
          Filesize

          460KB

          Download
        • memory/3948-123-0x00000000070A0000-0x00000000070C5000-memory.dmp
          Filesize

          148KB

          Download
        • memory/3948-120-0x0000000005230000-0x0000000005231000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3948-114-0x0000000000900000-0x0000000000901000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3948-117-0x0000000005240000-0x0000000005241000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3948-116-0x00000000056A0000-0x00000000056A1000-memory.dmp
          Filesize

          4KB

          Download