Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 26-03-2023 08:45
Static task: static1
Behavioral task: behavioral1
  Sample: Comprobante de pago soporte de transaccion a cuenta bancaria.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Comprobante de pago soporte de transaccion a cuenta bancaria.exe
  Resource: win10v2004-20230220-en
General
Target: Comprobante de pago soporte de transaccion a cuenta bancaria.exe
Size: 310KB
MD5: 7c17c418ac46c2a8e7ef03486ac2ed96
SHA1: 6ed1f50056585cdd7352f5a9b926a75c31635f07
SHA256: 1e701ee3eab5f0c8a99b418096fecc368a09a4f8f77e4a93d0d709a21c35ac3b
SHA512: 1595f0c9d21f06967f3d6a7f12148f17dd5d72c413fc14027f6fbf4dbde4d193d587e883d12c54225503ea574265330176c2e3aaa469e6134f8a537806beef93
SSDEEP: 6144:fUNLR2hzs3UB3zHNE3Oj1bJ3tONsE1kL9KPqKhf3OJ0YkRpE07ygea:u93U1ztuW1bJdONlk4CKhf3kkRpljea
Malware Config
Signatures
Program crash (1 IoC)
  Processes:
    pid 1428 (WerFault.exe), pid_target 1216 (Comprobante de pago soporte de transaccion a cuenta bancaria.exe)
Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    Token: SeDebugPrivilege, pid 1216, process Comprobante de pago soporte de transaccion a cuenta bancaria.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 1216 wrote to memory of 1428: Comprobante de pago soporte de transaccion a cuenta bancaria.exe -> WerFault.exe
    PID 1216 wrote to memory of 1428: Comprobante de pago soporte de transaccion a cuenta bancaria.exe -> WerFault.exe
    PID 1216 wrote to memory of 1428: Comprobante de pago soporte de transaccion a cuenta bancaria.exe -> WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Comprobante de pago soporte de transaccion a cuenta bancaria.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Comprobante de pago soporte de transaccion a cuenta bancaria.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe
      Command line: C:\Windows\system32\WerFault.exe -u -p 1216 -s 520
      - Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/1216-54-0x0000000000930000-0x0000000000982000-memory.dmp (Filesize: 328KB)