Overview

overview

10

Static

static

Cotizacion...ca.exe

windows7-x64

10

Cotizacion...ca.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    247s
  • max time network
    290s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2022 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cotizacion_Electronica.exe

  • Size

    3.2MB

  • MD5

    6bd530a8417b6ab6b5ea0230ebe16857

  • SHA1

    9e7cdf3192707cd06ef9626d3d1867a7e419b23e

  • SHA256

    ab8d1ee87ac5dc2adb51e45588ea7934aa3a50ceb4033ac2aca4d16f320ab609

  • SHA512

    8c7d0317d2112f79b062fc73bd8f45c8475dece6d624a3721e4b14d84b13eb40b4ff27259dfb5f29e129c3d714a33d12695bf134463b565beb5698d5dbe45104

  • SSDEEP

    49152:N+Laj3TXU7Ni5AacXjIuqGvGNP0FWtK7zI70l:ULATX0

Score
10/10
bandookrattrojanupx

Malware Config

Signatures

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook
  • Bandook payload 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cotizacion_Electronica.exe
    "C:\Users\Admin\AppData\Local\Temp\Cotizacion_Electronica.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\windows\syswow64\msinfo32.exe
      C:\windows\syswow64\msinfo32.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1944-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1992-55-0x0000000013140000-0x0000000014009000-memory.dmp
    Filesize

    14.8MB

    Download
  • memory/1992-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1992-58-0x0000000013140000-0x0000000014009000-memory.dmp
    Filesize

    14.8MB

    Download
  • memory/1992-60-0x0000000013140000-0x0000000014009000-memory.dmp
    Filesize

    14.8MB

    Download
  • memory/1992-61-0x0000000013140000-0x0000000014009000-memory.dmp
    Filesize

    14.8MB

    Download
  • memory/1992-62-0x0000000013140000-0x0000000014009000-memory.dmp
    Filesize

    14.8MB

    Download