Analysis
max time kernel: 415s
max time network: 419s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 04-07-2023 15:15
Static task: static1
Behavioral task: behavioral1
  Sample: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
  Resource: win10v2004-20230703-en
General
Target: NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg
Size: 86KB
MD5: 068ffdc02f1552e8b7817e1e7007e88a
SHA1: c93960bf3f475178277865c4021c7b8e74738740
SHA256: 287330d6b24150da781995a2fd8b0b57e60c68d58bfbea9a6a789d338e62297c
SHA512: 09fee4ffbdce1954554cea8d45cef2f46591fdf3c9e489099a4100d1ccb9e07d1fea5adba8c2ced939eaa9cbc7aac50f3e6e3bbc381de7dd509acf3ee590c18c
SSDEEP: 1536:AYSWIW2TnneVKWj7K8tU6PWlL4V6/IlKWgIpnRcTV4:A3yN7Q6F7DjpnWp
Malware Config
Signatures
- Drops file in System32 directory (14 IoCs)
  Processes: OUTLOOK.EXE
  description | ioc | process
  File created | C:\Windows\system32\perfh007.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc00C.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfh00C.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfh011.dat | OUTLOOK.EXE
  File opened for modification | C:\Windows\SysWOW64\PerfStringBackup.INI | OUTLOOK.EXE
  File created | C:\Windows\system32\perfh010.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc011.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc010.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfh00A.dat | OUTLOOK.EXE
  File created | C:\Windows\SysWOW64\PerfStringBackup.TMP | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc007.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc009.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfh009.dat | OUTLOOK.EXE
  File created | C:\Windows\system32\perfc00A.dat | OUTLOOK.EXE
- Drops file in Windows directory (3 IoCs)
  Processes: OUTLOOK.EXE
  description | ioc | process
  File created | C:\Windows\inf\Outlook\outlperf.h | OUTLOOK.EXE
  File opened for modification | C:\Windows\inf\Outlook\outlperf.h | OUTLOOK.EXE
  File created | C:\Windows\inf\Outlook\0009\outlperf.ini | OUTLOOK.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes: OUTLOOK.EXE
  pid | process
  2172 | OUTLOOK.EXE
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes: OUTLOOK.EXE
  pid | process
  2172 | OUTLOOK.EXE
Processes
- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
  Command line: "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN ADMISIÓN DE TUTELA RADICADO 2023-6840562-18223-1150..msg"
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
- memory/2172-54-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)