1e3e424d41bae88878ec8ff68e76e437012fdabd8881937dbe9300527c7d0e66

Analysis

max time kernel
293s
max time network
335s
platform
windows7_x64
resource
win7-20221111-es
resource tags

arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
submitted
01-12-2022 18:28

Target

TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe
Size

310KB
MD5

21e46a899b0322c89c9be7a523c8fac0
SHA1

ee646c0fee2f4e859776b859f7723293da978825
SHA256

32232cd07f6c7553613725de84b0fb6da14d2a076918c59e5d1bdf704b857d12
SHA512

0963e30a46064f25ef24a0f37f5f5503a8a36c893678002ef3821965755032a8c47654bf07d89e2bf418bf86b9e61bf5c73cf76c63e2307fa414b7ddb0532f09
SSDEEP

6144:+Pla3hyO2k1EwO4jDFcPQQAF+MdsjdBMamnL2c3ra9pWQ3R2wialFpra:0syOlFc4QAfsBtmL2PDWOtlH

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1600 2044 WerFault.exe TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe

description pid process

Token: SeDebugPrivilege 2044 TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe

pid	pid_target	process	target process
1600	2044	WerFault.exe	TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe

description	pid	process
Token: SeDebugPrivilege	2044	TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe

description	pid	process	target process
PID 2044 wrote to memory of 1600	2044	TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe	WerFault.exe
PID 2044 wrote to memory of 1600	2044	TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe	WerFault.exe
PID 2044 wrote to memory of 1600	2044	TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe
"C:\Users\Admin\AppData\Local\Temp\TRANSACCION DE PAGO A CUENTA BANCARIA PDF.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 344
  2⤵
  - Program crash
  PID:1600

memory/1600-55-0x0000000000000000-mapping.dmp

Download
memory/2044-54-0x00000000013E0000-0x0000000001432000-memory.dmp

Filesize
328KB

Download