Overview

overview

10

Static

static

1

RECIBO MTCN.rar

windows7-x64

3

RECIBO MTCN.rar

windows10-2004-x64

3

MTCN TELLE...PT.exe

windows7-x64

10

MTCN TELLE...PT.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14-03-2023 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RECIBO MTCN.rar

  • Size

    222KB

  • MD5

    55c9a1ff87134502a6c82c6ae0e494dd

  • SHA1

    3ef9f7db901b635d4d9a03cc3532b3ee3d6cb430

  • SHA256

    ef4affb6a91e67cd7b1ee492589e18cf700653e6d6b32a66d5b1747ab861ef56

  • SHA512

    6c15ba2372a1ce0356b52c338600869e26b7196b90f8c8206d76107a55135b59d715d81c0cabcc7f5cba9f93284784a6ceb62ea851281d51c2f9278d06fb3be3

  • SSDEEP

    6144:Ohe+DOLW8ihXZCxlrmP9qcanPBWfE+NJo5gXZQLA:Q5fhpX9qBPBWfE+Nll

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RECIBO MTCN.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RECIBO MTCN.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\RECIBO MTCN.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1716-83-0x000000013F140000-0x000000013F238000-memory.dmp
    Filesize

    992KB

    Download
  • memory/1716-84-0x000007FEFB3A0000-0x000007FEFB3D4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1716-85-0x000007FEF67B0000-0x000007FEF6A64000-memory.dmp
    Filesize

    2.7MB

    Download
  • memory/1716-86-0x000007FEFB630000-0x000007FEFB648000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1716-87-0x000007FEFB380000-0x000007FEFB397000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1716-88-0x000007FEFB360000-0x000007FEFB371000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-89-0x000007FEFB340000-0x000007FEFB357000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1716-90-0x000007FEFB320000-0x000007FEFB331000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-91-0x000007FEFB2E0000-0x000007FEFB2FD000-memory.dmp
    Filesize

    116KB

    Download
  • memory/1716-92-0x000007FEFB110000-0x000007FEFB121000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-93-0x000007FEF64A0000-0x000007FEF66A0000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1716-94-0x000007FEF53F0000-0x000007FEF649B000-memory.dmp
    Filesize

    16.7MB

    Download
  • memory/1716-95-0x000007FEF4570000-0x000007FEF45AF000-memory.dmp
    Filesize

    252KB

    Download
  • memory/1716-96-0x000007FEF7150000-0x000007FEF7171000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1716-97-0x000007FEF4550000-0x000007FEF4568000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1716-98-0x000007FEF4530000-0x000007FEF4541000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-99-0x000007FEF4510000-0x000007FEF4521000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-100-0x000007FEF44F0000-0x000007FEF4501000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-101-0x000007FEF44D0000-0x000007FEF44EB000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1716-102-0x000007FEF44B0000-0x000007FEF44C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-103-0x000007FEF4490000-0x000007FEF44A8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1716-104-0x000007FEF4460000-0x000007FEF4490000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1716-106-0x000007FEF4380000-0x000007FEF43EF000-memory.dmp
    Filesize

    444KB

    Download
  • memory/1716-105-0x000007FEF43F0000-0x000007FEF4457000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1716-107-0x000007FEF4360000-0x000007FEF4371000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-110-0x000007FEF42A0000-0x000007FEF42C4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1716-109-0x000007FEF42D0000-0x000007FEF42F8000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1716-113-0x000007FEF4230000-0x000007FEF4241000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-112-0x000007FEF4250000-0x000007FEF4273000-memory.dmp
    Filesize

    140KB

    Download
  • memory/1716-111-0x000007FEF4280000-0x000007FEF4297000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1716-117-0x000007FEF41A0000-0x000007FEF41B2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-116-0x000007FEF41C0000-0x000007FEF41D3000-memory.dmp
    Filesize

    76KB

    Download
  • memory/1716-115-0x000007FEF41E0000-0x000007FEF4201000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1716-114-0x000007FEF4210000-0x000007FEF4222000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-108-0x000007FEF4300000-0x000007FEF4356000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1716-119-0x000007FEF4030000-0x000007FEF405C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1716-118-0x000007FEF4060000-0x000007FEF419B000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1716-120-0x000007FEF3E70000-0x000007FEF4022000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1716-122-0x000007FEF3DF0000-0x000007FEF3E01000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-121-0x000007FEF3E10000-0x000007FEF3E6C000-memory.dmp
    Filesize

    368KB

    Download
  • memory/1716-124-0x000007FEF3D30000-0x000007FEF3D42000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-123-0x000007FEF3D50000-0x000007FEF3DE7000-memory.dmp
    Filesize

    604KB

    Download
  • memory/1716-125-0x000007FEF3AF0000-0x000007FEF3D21000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1716-126-0x000007FEF39D0000-0x000007FEF3AE2000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1716-128-0x000007FEF3960000-0x000007FEF3985000-memory.dmp
    Filesize

    148KB

    Download
  • memory/1716-127-0x000007FEF3990000-0x000007FEF39C5000-memory.dmp
    Filesize

    212KB

    Download
  • memory/1716-129-0x000007FEF3940000-0x000007FEF3951000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-130-0x000007FEF38D0000-0x000007FEF3931000-memory.dmp
    Filesize

    388KB

    Download
  • memory/1716-131-0x000007FEF38B0000-0x000007FEF38C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-133-0x000007FEF3870000-0x000007FEF3883000-memory.dmp
    Filesize

    76KB

    Download
  • memory/1716-132-0x000007FEF3890000-0x000007FEF38A2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-135-0x000007FEF37B0000-0x000007FEF37C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-134-0x000007FEF37D0000-0x000007FEF386F000-memory.dmp
    Filesize

    636KB

    Download
  • memory/1716-137-0x000007FEF3680000-0x000007FEF3691000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-136-0x000007FEF36A0000-0x000007FEF37A2000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1716-138-0x000007FEF3660000-0x000007FEF3671000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-142-0x000007FEF35E0000-0x000007FEF35F6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1716-141-0x000007FEF3600000-0x000007FEF3618000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1716-140-0x000007FEF3620000-0x000007FEF3632000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-139-0x000007FEF3640000-0x000007FEF3651000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-146-0x000007FEF3550000-0x000007FEF3561000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-145-0x000007FEF3570000-0x000007FEF3581000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1716-144-0x000007FEF3590000-0x000007FEF35A2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1716-143-0x000007FEF35B0000-0x000007FEF35D9000-memory.dmp
    Filesize

    164KB

    Download