Analysis
-
max time kernel
293s -
max time network
335s -
platform
windows7_x64 -
resource
win7-20221111-es -
resource tags
-
submitted
01-12-2022 18:28
General
-
Target
TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe
-
Size
310KB
-
MD5
21e46a899b0322c89c9be7a523c8fac0
-
SHA1
ee646c0fee2f4e859776b859f7723293da978825
-
SHA256
32232cd07f6c7553613725de84b0fb6da14d2a076918c59e5d1bdf704b857d12
-
SHA512
0963e30a46064f25ef24a0f37f5f5503a8a36c893678002ef3821965755032a8c47654bf07d89e2bf418bf86b9e61bf5c73cf76c63e2307fa414b7ddb0532f09
-
SSDEEP
6144:+Pla3hyO2k1EwO4jDFcPQQAF+MdsjdBMamnL2c3ra9pWQ3R2wialFpra:0syOlFc4QAfsBtmL2PDWOtlH
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe"C:\Users\Admin\AppData\Local\Temp\TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2044 -s 3442⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1600-55-0x0000000000000000-mapping.dmp
-
memory/2044-54-0x00000000013E0000-0x0000000001432000-memory.dmpFilesize
328KB