f35c6c1e6a64548d3a65ef765a0b08f1d0240598e8e454cc105888ce23a094d0

Analysis

max time kernel
93s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
25-05-2023 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mundogaturro_installer_2_0.exe
Size

62.4MB
MD5

e69279cacb6bc2f55a2018ca1a7cf21f
SHA1

81cde65f7c9d417c4cb1bb6f4ea2c11f133fa909
SHA256

f35c6c1e6a64548d3a65ef765a0b08f1d0240598e8e454cc105888ce23a094d0
SHA512

915f801b5040600d8f6353a9378af01ac3b315e7dfa9c69051d1b9e8ea0ec3e314197f2dfef7104aa44b6ee358cabf52711005f22956799d9018ba23678030cc
SSDEEP

1572864:PVc+OphY+AgsbrZVGOZKXr3N6gQLAg+OZXB7jnS9:QAgsnZsUcr96gQLAgrXtS9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1728	mundogaturro_installer_2_0.tmp

Loads dropped DLL 1 IoCs

pid	Process
328	mundogaturro_installer_2_0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1728	mundogaturro_installer_2_0.tmp
1728	mundogaturro_installer_2_0.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1728	mundogaturro_installer_2_0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1728	mundogaturro_installer_2_0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28
PID 328 wrote to memory of 1728	328	mundogaturro_installer_2_0.exe	28

C:\Users\Admin\AppData\Local\Temp\mundogaturro_installer_2_0.exe
"C:\Users\Admin\AppData\Local\Temp\mundogaturro_installer_2_0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:328
- C:\Users\Admin\AppData\Local\Temp\is-62SSQ.tmp\mundogaturro_installer_2_0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-62SSQ.tmp\mundogaturro_installer_2_0.tmp" /SL5="$70124,64477128,831488,C:\Users\Admin\AppData\Local\Temp\mundogaturro_installer_2_0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Mundo Gaturro\is-5VM89.tmp

Filesize
95.4MB

MD5
d7e430b2b2fa5f28f24b8f4b5afcb932

SHA1
813b9d0103c34f99c80b85aa76e7b3ae7fecdc16

SHA256
43e9d1a7fe22a7b7ffcc1d86c418ef8df0dad1f63e146718781a07070b4722d6

SHA512
6e1f3f611891c401f22faae302d13233145c6c11685908057c0f638bf9136c3506c5ac0be6a4d7acfba036d664e131bcfd86b1e6e75190a84d9e35a0c4d47529

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-62SSQ.tmp\mundogaturro_installer_2_0.tmp

Filesize
3.0MB

MD5
cf0f9b7eb5b677d4d6dfcfa4b566d452

SHA1
0260549306d30c1199ff330a503c7d01907747cf

SHA256
973ec5f8ad685716160d708989fb2cde25dfadffdf78cfeff348828f79eaf223

SHA512
fb9e61a043ae91160d433b14316927a892a02e15050197a8adf065e57e928c66f6f63094009df99f753e972a995ced2b86a01c00846562c8e04fe8a15119cd5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-62SSQ.tmp\mundogaturro_installer_2_0.tmp

Filesize
3.0MB

MD5
cf0f9b7eb5b677d4d6dfcfa4b566d452

SHA1
0260549306d30c1199ff330a503c7d01907747cf

SHA256
973ec5f8ad685716160d708989fb2cde25dfadffdf78cfeff348828f79eaf223

SHA512
fb9e61a043ae91160d433b14316927a892a02e15050197a8adf065e57e928c66f6f63094009df99f753e972a995ced2b86a01c00846562c8e04fe8a15119cd5b

Download Submit
\Users\Admin\AppData\Local\Temp\is-62SSQ.tmp\mundogaturro_installer_2_0.tmp

Filesize
3.0MB

MD5
cf0f9b7eb5b677d4d6dfcfa4b566d452

SHA1
0260549306d30c1199ff330a503c7d01907747cf

SHA256
973ec5f8ad685716160d708989fb2cde25dfadffdf78cfeff348828f79eaf223

SHA512
fb9e61a043ae91160d433b14316927a892a02e15050197a8adf065e57e928c66f6f63094009df99f753e972a995ced2b86a01c00846562c8e04fe8a15119cd5b

Download Submit
memory/328-54-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/328-74-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1728-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1728-77-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/1728-85-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1728-88-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/1728-90-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download