Overview

overview

10

Static

static

3

NOTIFICACI...AL.exe

windows7-x64

8

NOTIFICACI...AL.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2023 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACION DEMANDA PERSONAL.exe

  • Size

    489KB

  • MD5

    35e7110e47ba3d42bf5b71937e02ce8b

  • SHA1

    7194f08ad122d5e2e1d7b432522d6e9fc2565d7b

  • SHA256

    792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d

  • SHA512

    70020e4680f74fd17705b14b0cc11541c773844952ee211eda82291b49b07c94acae9a7aa406c0f6e41fbad4a54d7ff10432b0acb0b2bbf5bc66201b8c6aec43

  • SSDEEP

    12288:qimcuTGiqcyQoiAsxhfi+/wHKK8zsK/nn6F2oG:qimcUGiqcyuAoh6jHKRzsKvQ23

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NOTIFICACION DEMANDA PERSONAL.exe
    "C:\Users\Admin\AppData\Local\Temp\NOTIFICACION DEMANDA PERSONAL.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -F C:/ProgramData/md9fmn2uj52E8Ut8f5xmiH0j4abpph3A.ps1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\md9fmn2uj52E8Ut8f5xmiH0j4abpph3A.ps1
    Filesize

    25KB

    MD5

    e8c3e078f9a6d9efa1391687a983ffae

    SHA1

    f5e0b299465164cd1745ab5153d98ceb66b465f4

    SHA256

    9d1c391c7730878897d9c03c5f2ab09a7428293bcf058346eaeb6c617e0e7289

    SHA512

    566bd10fae840974ce4214d4d7247afd62891780af7dc75a7e3f0b1ad849e2ebea44318280e188149268371a31975b711abfd3f72949a43018b5b0c66620a9cd

    Download Submit
  • memory/1716-59-0x000000001B2B0000-0x000000001B592000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1716-60-0x0000000002780000-0x0000000002800000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1716-62-0x0000000002360000-0x0000000002368000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1716-61-0x0000000002780000-0x0000000002800000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1716-64-0x0000000002780000-0x0000000002800000-memory.dmp
    Filesize

    512KB

    Download