Analysis
-
max time kernel
291s -
max time network
280s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
30-04-2023 08:20
Static task
static1
Behavioral task
behavioral1
Sample
Cotizacion 1.exe
Resource
win7-20230220-en
5 signatures
300 seconds
General
-
Target
Cotizacion 1.exe
-
Size
1.4MB
-
MD5
13c45a10e3b3f932e2c9e76d33a70eb1
-
SHA1
df49a65c54d3335ad7274ccb7312f07ddfecb48b
-
SHA256
445bc1991044f1852e878421bdd17c5eee091069f11d2107564492435a01182b
-
SHA512
51c49a408c24627996ac30fc3c519f6e77d3ada6f7c924cbacfcd67bd88678ab6423d8acb6ed2953a8fe4a6662081b2f00409b050d61f76678d555e02358edf7
-
SSDEEP
24576:/1RS4xszUmeE6+NbEZlnibawoGif8pk8kjUiuUiBFN6VQu0:/vSIG+xrPjUimlPf
Malware Config
Signatures
-
Bandook payload 7 IoCs
Processes:
resource | yara_rule
behavioral1/memory/1652-79-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-80-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-86-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-87-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-88-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-90-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
behavioral1/memory/1652-92-0x0000000013140000-0x0000000013C7D000-memory.dmp | family_bandook
-
UPX packed file 9 IoCs
Processes:
resource | yara_rule
behavioral1/memory/1652-77-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-78-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-79-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-80-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-86-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-87-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-88-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-90-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
behavioral1/memory/1652-92-0x0000000013140000-0x0000000013C7D000-memory.dmp | upx
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
pid | process
1652 | msinfo32.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
description | pid | process | target process
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
PID 1212 wrote to memory of 1652 | 1212 | Cotizacion 1.exe | msinfo32.exe
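The two signature groups above tell one story when read together: Cotizacion 1.exe (PID 1212) writes into msinfo32.exe (PID 1652), and the dumps of PID 1652 then contain a region at 0x13140000-0x13C7D000 that matches both the UPX rule and the family_bandook rule. The script below is an added example, not part of this report or of the Triage sandbox: it parses the two flattened record formats as they appear on this page (an assumption about the text layout, not a Triage API), works out region sizes from the dump names, and joins cross-process writes to YARA-tagged regions in the target process to surface injected-payload candidates. The sample lines are copied from this report.

```python
import re
from collections import defaultdict

# Record layouts reconstructed from this report's flattened tables (assumption:
# the parsers target this page text, not a Triage API).
WRITE_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<src_img>.+?\.exe) (?P<dst_img>\S+)"
)
DUMP_RE = re.compile(
    r"(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Constructed input: lines copied from the WriteProcessMemory section above.
WRITE_EVENTS = """\
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
PID 1212 wrote to memory of 1652 1212 Cotizacion 1.exe msinfo32.exe
"""

# Constructed input: a subset of the YARA rows from the two signature sections.
YARA_HITS = """\
behavioral1/memory/1652-79-0x0000000013140000-0x0000000013C7D000-memory.dmp family_bandook
behavioral1/memory/1652-80-0x0000000013140000-0x0000000013C7D000-memory.dmp family_bandook
behavioral1/memory/1652-77-0x0000000013140000-0x0000000013C7D000-memory.dmp upx
behavioral1/memory/1652-78-0x0000000013140000-0x0000000013C7D000-memory.dmp upx
"""


def parse_write_events(text):
    """Return (src_pid, dst_pid, src_image, dst_image) for each write record."""
    out = []
    for line in text.splitlines():
        m = WRITE_RE.search(line)
        if m:
            out.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return out


def parse_dump(name):
    """Split a dump name into (pid, seq, start, end); addresses become ints."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    return (int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def region_size_mib(start, end):
    """Size of a dumped region in MiB, the unit the report's Filesize column uses."""
    return (end - start) / (1 << 20)


def parse_yara_hits(text):
    """Map (pid, start, end) -> set of rule names that matched that region."""
    hits = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        d = parse_dump(parts[0])
        if d:
            pid, _, start, end = d
            hits[(pid, start, end)].add(parts[1])
    return hits


def injected_regions(write_text, yara_text):
    """For each process that received cross-process writes, list the YARA-tagged
    regions later dumped from it: these are the injected-payload candidates."""
    targets = {}
    for src, dst, src_img, dst_img in parse_write_events(write_text):
        if src != dst:  # ignore a process writing into itself
            targets[dst] = (src, src_img, dst_img)
    findings = []
    for (pid, start, end), rules in sorted(parse_yara_hits(yara_text).items()):
        if pid in targets:
            src, src_img, dst_img = targets[pid]
            findings.append({
                "injector": (src, src_img),
                "target": (pid, dst_img),
                "region": (hex(start), hex(end)),
                "size_mib": round(region_size_mib(start, end), 1),
                "rules": sorted(rules),
            })
    return findings


if __name__ == "__main__":
    for finding in injected_regions(WRITE_EVENTS, YARA_HITS):
        print(finding)
```

Run on this report's rows it yields a single finding: injector (1212, Cotizacion 1.exe), target (1652, msinfo32.exe), region 0x13140000-0x13c7d000, 11.2 MiB, rules family_bandook and upx. The region size is computed from the dump name rather than taken from the Filesize column, which is a useful cross-check when a report's columns have been flattened; the 1.4MB figure for the 0x400000-0x56C000 range in PID 1212 comes out the same way.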
Downloads
- memory/1212-54-0x0000000000220000-0x0000000000221000-memory.dmp | Filesize 4KB
- memory/1212-55-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-56-0x0000000000220000-0x0000000000221000-memory.dmp | Filesize 4KB
- memory/1212-58-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-59-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-71-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-72-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-73-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-95-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1212-81-0x0000000000400000-0x000000000056C000-memory.dmp | Filesize 1.4MB
- memory/1652-77-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-78-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-79-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-80-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-76-0x000000007EFDE000-0x000000007EFDF000-memory.dmp | Filesize 4KB
- memory/1652-86-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-87-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-88-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-90-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-92-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB
- memory/1652-75-0x0000000013140000-0x0000000013C7D000-memory.dmp | Filesize 11.2MB