Overview

overview

10

Static

static

Lista de o...DF.exe

windows7_x64

6

Lista de o...DF.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294419s
  • max time network
    363s
  • platform
    windows7_x64
  • resource
    win7-20220311-es
  • submitted
    16-03-2022 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lista de orden?.0927272829229.PDF.exe

  • Size

    683KB

  • MD5

    5879dcb6632d8c3d53f39a29e86cdcce

  • SHA1

    97c358a006711c52a4647c3db520a9fdb575e952

  • SHA256

    a84bdf209b862ffbdf3d963611eec3c1c2d70024e24041727a49bc618d6ff4cd

  • SHA512

    80778f7cfdea1f20b8a44a4633558dfc22475cadeb54b9477cb739d59f85c70a26b8b9dab84c62347d719438849cb91ef0da8de174af022c09b87d2a06c6d4eb

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\default-browser-agent.exe
    "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task
    1⤵
      PID:1908
    • C:\Users\Admin\AppData\Local\Temp\Lista de orden_.0927272829229.PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\Lista de orden_.0927272829229.PDF.exe"
      1⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\SysWOW64\logagent.exe
        C:\Windows\System32\logagent.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:980
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 140
          3⤵
          • Program crash
          PID:1276
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1844

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/980-60-0x0000000072480000-0x00000000724AE000-memory.dmp
        Filesize

        184KB

        Download
      • memory/980-62-0x0000000000080000-0x0000000000081000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1844-57-0x000007FEFC0A1000-0x000007FEFC0A3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2012-54-0x00000000767D1000-0x00000000767D3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2012-56-0x0000000000250000-0x0000000000251000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2012-59-0x0000000003EC6000-0x0000000003EC7000-memory.dmp
        Filesize

        4KB

        Download