Overview

overview

10

Static

static

3

RETENCIÓN...AR.rar

windows7-x64

3

RETENCIÓN...AR.rar

windows10-2004-x64

3

RETENCIÓN...AR.exe

windows7-x64

10

RETENCIÓN...AR.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2023 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RETENCIÓN 001-002-000006770 FACTURA ELECTRÓNICA POR PAGAR.rar

  • Size

    1.2MB

  • MD5

    19e127c10ee33237b16a2b1437f823a9

  • SHA1

    8079af8944008a471b85fdad90223fd75af6ad82

  • SHA256

    9a50e8852c21875b333fa210d814be7f0acc096afab6d06cc438d1ace3f42993

  • SHA512

    2131ac1364fc845d8b1d9778b9a726b46d2891d5ee1e6c2d30452d95d864408c3e0661a3632ca4bc03c8862ac48c75b1b23e28e98c27bf9b99a39c736d8930a4

  • SSDEEP

    24576:XNE7RLlBTYck2eeXtvzz56RlryGy7oq9NKd6xpWG4WCZg4O2yWT0:XsRRBTzkbedz56RlqnNK4DWGMZ1fT0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RETENCIÓN 001-002-000006770 FACTURA ELECTRÓNICA POR PAGAR.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RETENCIÓN 001-002-000006770 FACTURA ELECTRÓNICA POR PAGAR.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:320
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\RETENCIÓN 001-002-000006770 FACTURA ELECTRÓNICA POR PAGAR.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:572

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/572-78-0x000000013F9F0000-0x000000013FAE8000-memory.dmp
    Filesize

    992KB

    Download
  • memory/572-79-0x000007FEFB6C0000-0x000007FEFB6F4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/572-80-0x000007FEF6AA0000-0x000007FEF6D54000-memory.dmp
    Filesize

    2.7MB

    Download
  • memory/572-81-0x000007FEFB8D0000-0x000007FEFB8E8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/572-82-0x000007FEFB400000-0x000007FEFB417000-memory.dmp
    Filesize

    92KB

    Download
  • memory/572-83-0x000007FEFB3E0000-0x000007FEFB3F1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-84-0x000007FEFB3C0000-0x000007FEFB3D7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/572-86-0x000007FEF6FF0000-0x000007FEF700D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/572-87-0x000007FEF6FD0000-0x000007FEF6FE1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-85-0x000007FEF7020000-0x000007FEF7031000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-88-0x000007FEF4EA0000-0x000007FEF5F4B000-memory.dmp
    Filesize

    16.7MB

    Download
  • memory/572-89-0x000007FEF67B0000-0x000007FEF69B0000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/572-90-0x000007FEF6F90000-0x000007FEF6FCF000-memory.dmp
    Filesize

    252KB

    Download
  • memory/572-91-0x000007FEF6F60000-0x000007FEF6F81000-memory.dmp
    Filesize

    132KB

    Download
  • memory/572-92-0x000007FEF6F40000-0x000007FEF6F58000-memory.dmp
    Filesize

    96KB

    Download
  • memory/572-94-0x000007FEF6F00000-0x000007FEF6F11000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-95-0x000007FEF6EE0000-0x000007FEF6EF1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-93-0x000007FEF6F20000-0x000007FEF6F31000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-96-0x000007FEF6EC0000-0x000007FEF6EDB000-memory.dmp
    Filesize

    108KB

    Download
  • memory/572-97-0x000007FEF6EA0000-0x000007FEF6EB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-98-0x000007FEF6E80000-0x000007FEF6E98000-memory.dmp
    Filesize

    96KB

    Download
  • memory/572-99-0x000007FEF6A70000-0x000007FEF6AA0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/572-100-0x000007FEF6740000-0x000007FEF67A7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/572-101-0x000007FEF74A0000-0x000007FEF750F000-memory.dmp
    Filesize

    444KB

    Download
  • memory/572-102-0x000007FEF7480000-0x000007FEF7491000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-103-0x000007FEF6610000-0x000007FEF6666000-memory.dmp
    Filesize

    344KB

    Download
  • memory/572-104-0x000007FEF7450000-0x000007FEF7478000-memory.dmp
    Filesize

    160KB

    Download
  • memory/572-105-0x000007FEF6A20000-0x000007FEF6A44000-memory.dmp
    Filesize

    144KB

    Download
  • memory/572-106-0x000007FEF65F0000-0x000007FEF6607000-memory.dmp
    Filesize

    92KB

    Download
  • memory/572-107-0x000007FEF65C0000-0x000007FEF65E3000-memory.dmp
    Filesize

    140KB

    Download
  • memory/572-108-0x000007FEF65A0000-0x000007FEF65B1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-109-0x000007FEF6580000-0x000007FEF6592000-memory.dmp
    Filesize

    72KB

    Download
  • memory/572-110-0x000007FEF6550000-0x000007FEF6571000-memory.dmp
    Filesize

    132KB

    Download
  • memory/572-111-0x000007FEF6530000-0x000007FEF6543000-memory.dmp
    Filesize

    76KB

    Download
  • memory/572-112-0x000007FEF6510000-0x000007FEF6522000-memory.dmp
    Filesize

    72KB

    Download
  • memory/572-113-0x000007FEF6330000-0x000007FEF646B000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/572-114-0x000007FEF6300000-0x000007FEF632C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/572-115-0x000007FEF60D0000-0x000007FEF6282000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/572-116-0x000007FEF4900000-0x000007FEF495C000-memory.dmp
    Filesize

    368KB

    Download
  • memory/572-117-0x000007FEF46B0000-0x000007FEF46C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-118-0x000007FEF45C0000-0x000007FEF4657000-memory.dmp
    Filesize

    604KB

    Download
  • memory/572-119-0x000007FEF4450000-0x000007FEF4462000-memory.dmp
    Filesize

    72KB

    Download
  • memory/572-120-0x000007FEF3E80000-0x000007FEF40B1000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/572-121-0x000007FEF3E20000-0x000007FEF3E55000-memory.dmp
    Filesize

    212KB

    Download
  • memory/572-122-0x000007FEF3DF0000-0x000007FEF3E15000-memory.dmp
    Filesize

    148KB

    Download
  • memory/572-123-0x000007FEF3DD0000-0x000007FEF3DE1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-124-0x000007FEF3D60000-0x000007FEF3DC1000-memory.dmp
    Filesize

    388KB

    Download
  • memory/572-125-0x000007FEF3D40000-0x000007FEF3D51000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-126-0x000007FEF3D20000-0x000007FEF3D32000-memory.dmp
    Filesize

    72KB

    Download
  • memory/572-127-0x000007FEF3B00000-0x000007FEF3B13000-memory.dmp
    Filesize

    76KB

    Download
  • memory/572-128-0x000007FEF3C80000-0x000007FEF3D1F000-memory.dmp
    Filesize

    636KB

    Download
  • memory/572-129-0x000007FEF3C60000-0x000007FEF3C71000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-130-0x000007FEF3B50000-0x000007FEF3C52000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/572-131-0x000007FEF3B30000-0x000007FEF3B41000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-132-0x000007FEF3980000-0x000007FEF3AF8000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/572-133-0x000007FEF3960000-0x000007FEF3977000-memory.dmp
    Filesize

    92KB

    Download