7d6591b19f43591a4a5aa9c12fac069982ff34c77329901c8994b86cf0f5e445 | Triage

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
02-08-2022 08:42

Sharing

Report Analysis Logs

General

Target

REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
Size

13KB
MD5

1ad29d19d089f86a7a6bfb57c0a82546
SHA1

543a0b1857aaa1f1cdc629439d14fc29f66a7459
SHA256

7d6591b19f43591a4a5aa9c12fac069982ff34c77329901c8994b86cf0f5e445
SHA512

afcc8734ff1ee6351cb69a9f622afc31990c2714c695086d0eb51320fadcbc6a58a2ae2f3b823a8657aa69de8949fe1a8448b8232b3cb765992ed6ab0d3d467c

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe

description pid process

Token: SeDebugPrivilege 1704 REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe

C:\Users\Admin\AppData\Local\Temp\REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe
"C:\Users\Admin\AppData\Local\Temp\REVISION FISCAL POR DELITO DE FALSIFICACION DE DOCUMENTO PUBLICO.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-54-0x0000000000E30000-0x0000000000E38000-memory.dmp

Filesize
32KB

Download
memory/1704-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download