Analysis
-
max time kernel
208s -
max time network
264s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
25-11-2022 19:30
General
-
Target
pdf_a_informação_sobre_a_sua_encomenda.exe
-
Size
431KB
-
MD5
d5664ede47805259cba4c41ed3a409a9
-
SHA1
32c6b8fb8799ad3d2a2f2fcc8394b7425aaab2d2
-
SHA256
4cdd136256db78df35630679277c082f5052c2e258ca318c6e77bd47e0001c03
-
SHA512
c97aa03d11ff425ea3526dc910b1f755b597b5622fcc861a5374121dc30f1736007e455d9e94b8c25ec75d729da3d2b6bcee967810dc2663c7a9da740f1c5f41
-
SSDEEP
6144:5RlT0m9qCgTRJkoakebtdjxjTQs6URdVlZ8fNBjmTbk0hnsuN:7lQm9qrhaDhd1jxV41BjmTbTnrN
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\svchost.exeC:\Windows\syswow64\svchost.exe3⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\svchost.exeC:\Windows\syswow64\svchost.exe3⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\uqnnysl.uhvFilesize
521B
MD5dbb7dcc7f4a3e13baf79896e5568545b
SHA146e5471a9e34291c5cb40b742995d7c986773b18
SHA25614d8bf0fe54dd8fa44553a8de0398b8cd8340e401d6e75bc3dd2c77296396790
SHA51259fa1d9845783065a033df5d0757f750779d006b0da0388a99ebe6ae3143b296385d22237c2235af108134d7fc13b42e7615dc3e13e75081430ef8a8f3736b62
-
memory/316-61-0x0000000074A80000-0x000000007502B000-memory.dmpFilesize
5.7MB
-
memory/316-55-0x0000000074A80000-0x000000007502B000-memory.dmpFilesize
5.7MB
-
memory/316-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmpFilesize
8KB
-
memory/568-65-0x0000000000790000-0x0000000000798000-memory.dmpFilesize
32KB
-
memory/568-66-0x0000000000080000-0x00000000000AD000-memory.dmpFilesize
180KB
-
memory/568-74-0x0000000000080000-0x00000000000AD000-memory.dmpFilesize
180KB
-
memory/568-64-0x0000000000000000-mapping.dmp
-
memory/624-75-0x0000000000080000-0x00000000000AD000-memory.dmpFilesize
180KB
-
memory/624-73-0x0000000000080000-0x00000000000AD000-memory.dmpFilesize
180KB
-
memory/624-69-0x0000000000000000-mapping.dmp
-
memory/1120-68-0x0000000000401000-0x000000000042E000-memory.dmpFilesize
180KB
-
memory/1120-67-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1120-59-0x00000000000CEAFE-mapping.dmp
-
memory/1120-70-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1120-57-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1120-71-0x0000000000401000-0x000000000042E000-memory.dmpFilesize
180KB
-
memory/1120-56-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1120-63-0x0000000000401000-0x000000000042E000-memory.dmpFilesize
180KB
-
memory/1120-62-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1120-60-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB