Analysis
-
max time kernel
203s -
max time network
236s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25-11-2022 19:30
General
-
Target
pdf_a_informação_sobre_a_sua_encomenda.exe
-
Size
431KB
-
MD5
d5664ede47805259cba4c41ed3a409a9
-
SHA1
32c6b8fb8799ad3d2a2f2fcc8394b7425aaab2d2
-
SHA256
4cdd136256db78df35630679277c082f5052c2e258ca318c6e77bd47e0001c03
-
SHA512
c97aa03d11ff425ea3526dc910b1f755b597b5622fcc861a5374121dc30f1736007e455d9e94b8c25ec75d729da3d2b6bcee967810dc2663c7a9da740f1c5f41
-
SSDEEP
6144:5RlT0m9qCgTRJkoakebtdjxjTQs6URdVlZ8fNBjmTbk0hnsuN:7lQm9qrhaDhd1jxV41BjmTbTnrN
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"C:\Users\Admin\AppData\Local\Temp\pdf_a_informação_sobre_a_sua_encomenda.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\svchost.exeC:\Windows\syswow64\svchost.exe3⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\svchost.exeC:\Windows\syswow64\svchost.exe3⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\etcglwm.wekFilesize
256B
MD528395ec1e2470d38023b198af1b95132
SHA1db81e32ea82060387862c0b5fe382773b1d05b8c
SHA25658a56785754b71d70448940772e2610949216542d809653ee35f1a666dfe9491
SHA5125d59244b43abca10300af34761acf526441fd52e24f35a4586ec59ee7347052d420219c8ab6a15a753b12253bbb80163a56e92eeb784e976a3dfe5732b51f9dd
-
memory/3364-148-0x0000000000200000-0x000000000022D000-memory.dmpFilesize
180KB
-
memory/3364-139-0x0000000000000000-mapping.dmp
-
memory/3364-140-0x00000000003F0000-0x00000000003FE000-memory.dmpFilesize
56KB
-
memory/3364-141-0x0000000000200000-0x000000000022D000-memory.dmpFilesize
180KB
-
memory/4048-134-0x0000000000000000-mapping.dmp
-
memory/4048-135-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/4048-147-0x0000000000401000-0x000000000042E000-memory.dmpFilesize
180KB
-
memory/4048-137-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/4048-138-0x0000000000401000-0x000000000042E000-memory.dmpFilesize
180KB
-
memory/4048-146-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/4132-144-0x00000000003F0000-0x00000000003FE000-memory.dmpFilesize
56KB
-
memory/4132-145-0x0000000000CB0000-0x0000000000CDD000-memory.dmpFilesize
180KB
-
memory/4132-142-0x0000000000000000-mapping.dmp
-
memory/4132-149-0x0000000000CB0000-0x0000000000CDD000-memory.dmpFilesize
180KB
-
memory/4488-132-0x0000000074E50000-0x0000000075401000-memory.dmpFilesize
5.7MB
-
memory/4488-136-0x0000000074E50000-0x0000000075401000-memory.dmpFilesize
5.7MB
-
memory/4488-133-0x0000000074E50000-0x0000000075401000-memory.dmpFilesize
5.7MB