Analysis
max time kernel: 203s
max time network: 290s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-10-2022 15:58
Static task: static1
Behavioral task: behavioral1
Sample: Cotizacion_Electronica.exe
Resource: win7-20220812-en (windows7-x64)
5 signatures, 300 seconds
General
Target: Cotizacion_Electronica.exe
Size: 3.2MB
MD5: 6bd530a8417b6ab6b5ea0230ebe16857
SHA1: 9e7cdf3192707cd06ef9626d3d1867a7e419b23e
SHA256: ab8d1ee87ac5dc2adb51e45588ea7934aa3a50ceb4033ac2aca4d16f320ab609
SHA512: 8c7d0317d2112f79b062fc73bd8f45c8475dece6d624a3721e4b14d84b13eb40b4ff27259dfb5f29e129c3d714a33d12695bf134463b565beb5698d5dbe45104
SSDEEP: 49152:N+Laj3TXU7Ni5AacXjIuqGvGNP0FWtK7zI70l:ULATX0
Malware Config
Signatures
- Bandook payload (3 IoCs)
  resource | yara_rule
  behavioral2/memory/2296-135-0x0000000013140000-0x0000000014009000-memory.dmp | family_bandook
  behavioral2/memory/2296-136-0x0000000013140000-0x0000000014009000-memory.dmp | family_bandook
  behavioral2/memory/2296-137-0x0000000013140000-0x0000000014009000-memory.dmp | family_bandook
- YARA rule upx (5 IoCs)
  resource | yara_rule
  behavioral2/memory/2296-133-0x0000000013140000-0x0000000014009000-memory.dmp | upx
  behavioral2/memory/2296-134-0x0000000013140000-0x0000000014009000-memory.dmp | upx
  behavioral2/memory/2296-135-0x0000000013140000-0x0000000014009000-memory.dmp | upx
  behavioral2/memory/2296-136-0x0000000013140000-0x0000000014009000-memory.dmp | upx
  behavioral2/memory/2296-137-0x0000000013140000-0x0000000014009000-memory.dmp | upx
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | process
  2296 | msinfo32.exe
  2296 | msinfo32.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  description | pid | process | target process
  PID 2732 wrote to memory of 2296 | 2732 | Cotizacion_Electronica.exe | msinfo32.exe
  PID 2732 wrote to memory of 2296 | 2732 | Cotizacion_Electronica.exe | msinfo32.exe
  PID 2732 wrote to memory of 2296 | 2732 | Cotizacion_Electronica.exe | msinfo32.exe
  PID 2732 wrote to memory of 2296 | 2732 | Cotizacion_Electronica.exe | msinfo32.exe
  PID 2732 wrote to memory of 2296 | 2732 | Cotizacion_Electronica.exe | msinfo32.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Cotizacion_Electronica.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Cotizacion_Electronica.exe" (PID 2732)
  - Suspicious use of WriteProcessMemory
  - C:\windows\SysWOW64\msinfo32.exe
    Command line: C:\windows\syswow64\msinfo32.exe (PID 2296, child of the process above)
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/2296-132-0x0000000000000000-mapping.dmp
- memory/2296-133-0x0000000013140000-0x0000000014009000-memory.dmp (14.8MB)
- memory/2296-134-0x0000000013140000-0x0000000014009000-memory.dmp (14.8MB)
- memory/2296-135-0x0000000013140000-0x0000000014009000-memory.dmp (14.8MB)
- memory/2296-136-0x0000000013140000-0x0000000014009000-memory.dmp (14.8MB)
- memory/2296-137-0x0000000013140000-0x0000000014009000-memory.dmp (14.8MB)
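The process tree, the WriteProcessMemory signature, the Bandook YARA hits and the memory dump list above are four views of one event chain: the sample running from the user's Temp directory (PID 2732) writes into a freshly started 32-bit msinfo32.exe (PID 2296), and the family_bandook rule then fires on the same 14.8MB region dumped from that child across successive snapshots. The script below is an added example, not part of the sandbox output. The IoC lines, dump names and image paths are copied verbatim from this report; the regular expressions, the per-PID aggregation, the user-profile/Windows-directory heuristic and the escalate function are this example's own assumptions, written to show how a responder can join the flattened tables into one finding instead of reading them by hand.

```python
"""Join the flattened signature tables of a Triage-style report into one finding.

Added example code. The inputs below are copied from the report above;
everything else (regexes, heuristics, escalate) is this example's assumption.
"""
import re
from collections import Counter

# Copied from the "Suspicious use of WriteProcessMemory" signature.
WRITE_LINES = """\
PID 2732 wrote to memory of 2296 2732 Cotizacion_Electronica.exe msinfo32.exe
PID 2732 wrote to memory of 2296 2732 Cotizacion_Electronica.exe msinfo32.exe
PID 2732 wrote to memory of 2296 2732 Cotizacion_Electronica.exe msinfo32.exe
PID 2732 wrote to memory of 2296 2732 Cotizacion_Electronica.exe msinfo32.exe
PID 2732 wrote to memory of 2296 2732 Cotizacion_Electronica.exe msinfo32.exe"""

# Copied from the "Bandook payload" signature: (dump resource, yara rule).
YARA_HITS = [
    ("behavioral2/memory/2296-135-0x0000000013140000-0x0000000014009000-memory.dmp", "family_bandook"),
    ("behavioral2/memory/2296-136-0x0000000013140000-0x0000000014009000-memory.dmp", "family_bandook"),
    ("behavioral2/memory/2296-137-0x0000000013140000-0x0000000014009000-memory.dmp", "family_bandook"),
]

# Copied from the process tree: pid -> image path.
PROCESS_PATHS = {
    2732: r"C:\Users\Admin\AppData\Local\Temp\Cotizacion_Electronica.exe",
    2296: r"C:\windows\SysWOW64\msinfo32.exe",
}

WRITE_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<src_name>\S+) (?P<dst_name>\S+)"
)
# Dump names carry pid, snapshot index, region base and region end (hex).
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<base>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_writes(text):
    """One (src_pid, src_name, dst_pid, dst_name) tuple per WriteProcessMemory IoC line."""
    events = []
    for line in text.splitlines():
        m = WRITE_RE.search(line)
        if m:
            events.append((int(m["src"]), m["src_name"], int(m["dst"]), m["dst_name"]))
    return events


def injection_graph(events):
    """Collapse repeated IoC lines into edge -> count (five lines become one edge of weight 5)."""
    return Counter(events)


def parse_dump(name):
    """Split a memory dump name into pid, snapshot index, base, end and byte size; None for mapping dumps."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    base, end = int(m["base"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "idx": int(m["idx"]), "base": base, "end": end, "size": end - base}


def size_mb(nbytes):
    """MiB with one decimal; this reproduces the report's 14.8MB for the dumped region."""
    return round(nbytes / (1024 * 1024), 1)


def families_by_pid(hits):
    """Map each dumped pid to the set of family rules that matched any of its dumps."""
    out = {}
    for dump, rule in hits:
        d = parse_dump(dump)
        if d:
            out.setdefault(d["pid"], set()).add(rule)
    return out


def is_user_to_system_injection(src_path, dst_path):
    """Heuristic (assumption): code under a user profile writing into a process whose
    image lives under the Windows directory is the classic hollowing/injection shape."""
    s, d = src_path.lower(), dst_path.lower()
    return s.startswith("c:\\users\\") and d.startswith("c:\\windows\\")


def escalate(events, hits, paths):
    """Keep only edges where the writer is user-profile code, the target is a Windows
    binary, and a family rule later fired inside the target's memory."""
    fam = families_by_pid(hits)
    findings = []
    for (src, sname, dst, dname), n in injection_graph(events).items():
        if is_user_to_system_injection(paths.get(src, ""), paths.get(dst, "")) and dst in fam:
            findings.append({"writer": sname, "target": dname, "writes": n, "families": sorted(fam[dst])})
    return findings


if __name__ == "__main__":
    for finding in escalate(parse_writes(WRITE_LINES), YARA_HITS, PROCESS_PATHS):
        print(finding)
```

The region size check is worth keeping even though it is a subtraction: 0x14009000 - 0x13140000 is 0xEC9000 bytes, which only rounds to the report's 14.8MB when megabytes are taken as 1024*1024, so a responder comparing dump sizes against another tool's output needs to know which unit that tool uses.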