Overview
overview
6Static
static
NO ABRIR.rar
windows7-x64
3NO ABRIR.rar
windows10-2004-x64
3NO ABRIR/A...7.html
windows7-x64
1NO ABRIR/A...7.html
windows10-2004-x64
1NO ABRIR/E...28.msg
windows7-x64
6NO ABRIR/E...28.msg
windows10-2004-x64
3NO ABRIR/E...47.msg
windows7-x64
6NO ABRIR/E...47.msg
windows10-2004-x64
3NO ABRIR/F...f.html
windows7-x64
1NO ABRIR/F...f.html
windows10-2004-x64
1NO ABRIR/N...n.xlsx
windows7-x64
1NO ABRIR/N...n.xlsx
windows10-2004-x64
1NO ABRIR/O...r .msg
windows7-x64
6NO ABRIR/O...r .msg
windows10-2004-x64
3NO ABRIR/O...a.xlsx
windows7-x64
1NO ABRIR/O...a.xlsx
windows10-2004-x64
1NO ABRIR/desktop.ini
windows7-x64
1NO ABRIR/desktop.ini
windows10-2004-x64
1Analysis
-
max time kernel
1592s -
max time network
1596s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
02/02/2023, 02:40
Static task
static1
Behavioral task
behavioral1
Sample
NO ABRIR.rar
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
NO ABRIR.rar
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
NO ABRIR/AUTORIZACION1995324BM7.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral4
Sample
NO ABRIR/AUTORIZACION1995324BM7.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
NO ABRIR/Envio del comprobante fiscal - N6428.msg
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
NO ABRIR/Envio del comprobante fiscal - N6428.msg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
NO ABRIR/Envio del comprobante fiscal - N7547.msg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
NO ABRIR/Envio del comprobante fiscal - N7547.msg
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
NO ABRIR/Factura-8118980.pdf.html
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
NO ABRIR/Factura-8118980.pdf.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
NO ABRIR/Nuevo orden.xlsx
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
NO ABRIR/Nuevo orden.xlsx
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
NO ABRIR/Operacion SPEI-6279 a tu favor .msg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
NO ABRIR/Operacion SPEI-6279 a tu favor .msg
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
NO ABRIR/Orden de compra.xlsx
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
NO ABRIR/Orden de compra.xlsx
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
NO ABRIR/desktop.ini
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral18
Sample
NO ABRIR/desktop.ini
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
NO ABRIR/Factura-8118980.pdf.html
-
Size
401KB
-
MD5
dd262a39abbd4398d449098834772d81
-
SHA1
eb9c36217c09501bf3f665eac04ab48c47f6556b
-
SHA256
0de177cd155ff3926f64c424f027cab06d7a7e52f56e3129c349ea5e1229d17e
-
SHA512
5163d8068befcfd202944d98b4a6c8ba1712b00c00e2a735a810cd6eea132ba5aef23c36600b214b0b0bbf869da6b26496fe55ed64ceb7d3fe1b52f3c9b1e979
-
SSDEEP
12288:GK0BOU3+06BkHl81fs2mxOa4njhiYRxz1z0:rUu0OkeVRVa4F1R/w
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb800000000020000000000106600000001000020000000d847204b483b8acb0a3139b6e9022b94f2414f3edf88816ce2bbc054f1d6973c000000000e80000000020000200000006e57138a94e7cb93ef0333217a3acfd951b5382791117b380c895223470de09620000000388b33d4d97fb66f9c98549351960f5e01bb4de12c4886e530b3c02847ca4b0a400000009743e242a97cb976d83b18cb0406717c68796eff60e63a070e38b8c810bafa6330d15ec71832fa727c65590b2bdb82dee151e584f16315f1928e8d7356a3b94b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382074240" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BC6EE61-A2AB-11ED-90DE-EEBA1A0FFCD1} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c03833b836d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb8000000000200000000001066000000010000200000000d2e55766dfba23412c04a22f6176935004c22b488192a1be9ac73a2e683ee64000000000e800000000200002000000049a30eed5d7887a1640ee960a1c9e82bf7cd4a7cc7ec7561816c5773b521f4f7900000005124503f95808cf7bf93da7e66bdc629ed1b2d7627026ec92168b054e77fa97748b9292053c8794ea72173418b11ec96c5a8dcba9c2be039e8a6e134aa917cadc4c9a1cc251ac37daa5e551934e9539d9c563cffcde66f112928c56452efc1d0c5eb2e477f36345ee3e2e5c4541ec66d2a692c62c71792f8ac529018a807517d11675cdcc4ff12ac99349b0a65f7d86340000000a7b1b347eb23816a691836f2286e3d2c737997f7cd6d71852568980a5feaf75a7df31e88308ba9a115a2543d9a4779c8658353b9faf6f6cbbfeeb18ca6646e0e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2004 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2004 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2004 iexplore.exe 2004 iexplore.exe 668 IEXPLORE.EXE 668 IEXPLORE.EXE 668 IEXPLORE.EXE 668 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2004 wrote to memory of 668 2004 iexplore.exe 29 PID 2004 wrote to memory of 668 2004 iexplore.exe 29 PID 2004 wrote to memory of 668 2004 iexplore.exe 29 PID 2004 wrote to memory of 668 2004 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\NO ABRIR\Factura-8118980.pdf.html"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:668
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55ed273b3ddbf3f14c710373680a61d65
SHA1a916f5186747644eabcd2f6f79647827a44dd890
SHA25654f05599acb539fd8734abe4e4e4be8075bd5ae28350461c3ef8ccc99307baa1
SHA512d79ea231bde161586a87d7493bfbb75f363a12bec86ac3785ca471960e37242ec819c929494d2fd841a1bf2bfa90ed90506200a4b82fdc89553088bd39e57d8e
-
Filesize
5KB
MD56224a723dc77b614a7940542c3894447
SHA12fcfc84b991b3c1a137eb7fbf0c4a78432d8d4a1
SHA25641c6dd6a23f19d52329a0b076f60b50a35389ea60a24ecaa8a6f0b0733449127
SHA512b1483d082a3c71832e5d4d65cabde07c68ebe474576d30bc111cd3a0ba4e49bd0d2020c10161049c37dc67620846c56390ad43b1a813c15d247d2e5b6730e409
-
Filesize
604B
MD571656d1d3018dcb3d7a09b9e335d2ee4
SHA11ac8269f0827e0abb85376736587f4183cad17ea
SHA2565d9262f2bf11b5fe1d34c65bba19ea7d2a3f583ba4c89db68980aa54e681d293
SHA512d8ea93b1be95f8d0bc93de298a5d1ff0a1c501e9211694229b74d19a28712296f110f1acdd4a72fef89628947f7fbf73e381395f3501a3a5ef859198db929d8d