Overview

overview

3

Static

static

1

NOTIFICACI...RE.rar

windows7-x64

3

NOTIFICACI...RE.rar

windows10-2004-x64

3

Analysis

  • max time kernel
    154s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2023, 07:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACIÓN DE RECIBO DE PAG No 853674 31 DE OCTUBRE.rar

  • Size

    1.6MB

  • MD5

    f84ae205b509b24a6adcd7966032dabc

  • SHA1

    ba77583fc5554344736c8c519c8aa41aac4a2dbe

  • SHA256

    7e4207f25f972b66b27b678a9e56e5ef28c9bee0cb569da71baaebe1ea9bec45

  • SHA512

    c8d4e755e5a1c67631dc96649a96fe7ce147609194aac29847ec694ae5db99c9b0534f42e35386938b689807481e677171687f6b4ff850d8d7e0a713601d8292

  • SSDEEP

    24576:8RhTqHmIDwvNje8yn2zi3ZJKAtVw6HFboyTAvy9ahFk+RbbgzUEruBzbM3:Mv1q8y2zKZJ1tVw6H0vyehngzU/BC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN DE RECIBO DE PAG No 853674 31 DE OCTUBRE.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN DE RECIBO DE PAG No 853674 31 DE OCTUBRE.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN DE RECIBO DE PAG No 853674 31 DE OCTUBRE.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2436

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2436-29-0x000000013FA60000-0x000000013FB58000-memory.dmp

          Filesize

          992KB

          Download

        • memory/2436-30-0x000007FEF6DB0000-0x000007FEF6DE4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2436-31-0x000007FEF5A10000-0x000007FEF5CC4000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/2436-32-0x000007FEFB910000-0x000007FEFB928000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2436-33-0x000007FEFB590000-0x000007FEFB5A7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2436-34-0x000007FEF6D90000-0x000007FEF6DA1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-35-0x000007FEF6990000-0x000007FEF69A7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2436-36-0x000007FEF58C0000-0x000007FEF58D1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-37-0x000007FEF58A0000-0x000007FEF58BD000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2436-38-0x000007FEF56A0000-0x000007FEF58A0000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2436-39-0x000007FEF5680000-0x000007FEF5691000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-40-0x000007FEF5640000-0x000007FEF567F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2436-41-0x000007FEF5610000-0x000007FEF5631000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2436-45-0x000007FEF4500000-0x000007FEF4511000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-44-0x000007FEF4520000-0x000007FEF4531000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-43-0x000007FEF4540000-0x000007FEF4558000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2436-42-0x000007FEF4560000-0x000007FEF560B000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/2436-46-0x000007FEF44E0000-0x000007FEF44F1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-50-0x000007FEF4450000-0x000007FEF4480000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2436-51-0x000007FEF43E0000-0x000007FEF4447000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2436-49-0x000007FEF4480000-0x000007FEF4498000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2436-48-0x000007FEF44A0000-0x000007FEF44B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-47-0x000007FEF44C0000-0x000007FEF44DB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2436-52-0x000007FEF4370000-0x000007FEF43DF000-memory.dmp

          Filesize

          444KB

          Download

        • memory/2436-53-0x000007FEF4350000-0x000007FEF4361000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-56-0x000007FEF4290000-0x000007FEF42B4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2436-55-0x000007FEF42C0000-0x000007FEF42E8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2436-54-0x000007FEF42F0000-0x000007FEF4346000-memory.dmp

          Filesize

          344KB

          Download

        • memory/2436-57-0x000007FEF4270000-0x000007FEF4287000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2436-58-0x000007FEF4240000-0x000007FEF4263000-memory.dmp

          Filesize

          140KB

          Download

        • memory/2436-59-0x000007FEF4220000-0x000007FEF4231000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-60-0x000007FEF4200000-0x000007FEF4212000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-61-0x000007FEF41D0000-0x000007FEF41F1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2436-62-0x000007FEF41B0000-0x000007FEF41C3000-memory.dmp

          Filesize

          76KB

          Download

        • memory/2436-63-0x000007FEF4190000-0x000007FEF41A2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-64-0x000007FEF4050000-0x000007FEF418B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2436-65-0x000007FEF4020000-0x000007FEF404C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2436-66-0x000007FEF3E60000-0x000007FEF4012000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2436-67-0x000007FEF3E00000-0x000007FEF3E5C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/2436-68-0x000007FEF3DE0000-0x000007FEF3DF1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-69-0x000007FEF3D40000-0x000007FEF3DD7000-memory.dmp

          Filesize

          604KB

          Download

        • memory/2436-70-0x000007FEF3D20000-0x000007FEF3D32000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-73-0x000007FEF3A70000-0x000007FEF3A95000-memory.dmp

          Filesize

          148KB

          Download

        • memory/2436-72-0x000007FEF3AA0000-0x000007FEF3AD5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2436-71-0x000007FEF3AE0000-0x000007FEF3D11000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2436-74-0x000007FEF3A50000-0x000007FEF3A61000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-75-0x000007FEF39E0000-0x000007FEF3A41000-memory.dmp

          Filesize

          388KB

          Download

        • memory/2436-76-0x000007FEF39C0000-0x000007FEF39D1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-77-0x000007FEF39A0000-0x000007FEF39B2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-78-0x000007FEF3980000-0x000007FEF3993000-memory.dmp

          Filesize

          76KB

          Download

        • memory/2436-79-0x000007FEF38E0000-0x000007FEF397F000-memory.dmp

          Filesize

          636KB

          Download

        • memory/2436-80-0x000007FEF38C0000-0x000007FEF38D1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-81-0x000007FEF37B0000-0x000007FEF38B2000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2436-82-0x000007FEF3790000-0x000007FEF37A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-83-0x000007FEF3610000-0x000007FEF3788000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2436-86-0x000007FEF35B0000-0x000007FEF35C1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-85-0x000007FEF35D0000-0x000007FEF35E1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2436-84-0x000007FEF35F0000-0x000007FEF3607000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2436-87-0x000007FEF3590000-0x000007FEF35A2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-88-0x000007FEF3570000-0x000007FEF3588000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2436-89-0x000007FEF3550000-0x000007FEF3566000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2436-90-0x000007FEF3520000-0x000007FEF3549000-memory.dmp

          Filesize

          164KB

          Download

        • memory/2436-91-0x000007FEF3500000-0x000007FEF3512000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2436-92-0x000007FEF34E0000-0x000007FEF34F1000-memory.dmp

          Filesize

          68KB

          Download