Analysis
max time kernel: 151s
max time network: 154s
platform: windows7_x64
resource: win7-20220715-en
resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted: 02-08-2022 08:42
Static task: static1
Behavioral task: behavioral1
Sample: REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
Resource: win10v2004-20220721-en
General
Target: REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
Size: 13KB
MD5: 1ad29d19d089f86a7a6bfb57c0a82546
SHA1: 543a0b1857aaa1f1cdc629439d14fc29f66a7459
SHA256: 7d6591b19f43591a4a5aa9c12fac069982ff34c77329901c8994b86cf0f5e445
SHA512: afcc8734ff1ee6351cb69a9f622afc31990c2714c695086d0eb51320fadcbc6a58a2ae2f3b823a8657aa69de8949fe1a8448b8232b3cb765992ed6ab0d3d467c
Malware Config
Signatures
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
description: Token: SeDebugPrivilege
pid: 1704
process: REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe