Analysis
- max time kernel: 46s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 06-02-2023 14:29
Static task: static1
Behavioral task: behavioral1
- Sample: Factura Pendiente.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Factura Pendiente.exe
- Resource: win10v2004-20221111-en
General
- Target: Factura Pendiente.exe
- Size: 588KB
- MD5: 76fca7ac01c3daa1846665dd4b507ca9
- SHA1: 6e4b0a167074d28c75865d40f33941f236e51aed
- SHA256: 67e1992e369ec4e2bca1d402039496c57ec365750506f043b9fece95f98ae67e
- SHA512: 6f5104c9e98edc2abd82de81ea97bc2f3aad7412e375dadae852ec81eaac51b92099021d729b7435274b7b5913566681bbcefcbc58b56e1f4b64b1059bdde3ed
- SSDEEP: 12288:YgL+rDzX8+uSoJF6qmiCjzQE7U99Dlfusvf5MCIzyENS:R2ESofoLwE7eB9RvBMJA
Malware Config
Signatures
- Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.
- Loads dropped DLL (2 IoCs)
  Processes (pid / process): 1680 Factura Pendiente.exe; 1680 Factura Pendiente.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- \Users\Admin\AppData\Local\Temp\nsyEF80.tmp\System.dll
  Filesize: 11KB
  MD5: 0ff2d70cfdc8095ea99ca2dabbec3cd7
  SHA1: 10c51496d37cecd0e8a503a5a9bb2329d9b38116
  SHA256: 982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
  SHA512: cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- memory/1680-54-0x0000000075281000-0x0000000075283000-memory.dmp
  Filesize: 8KB
- memory/1680-57-0x0000000003A70000-0x0000000004960000-memory.dmp
  Filesize: 14.9MB
- memory/1680-58-0x0000000003A70000-0x0000000004960000-memory.dmp
  Filesize: 14.9MB