Overview

overview

7

Static

static

1

justifican...go.exe

windows7-x64

7

justifican...go.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231023-es
  • resource tags

    arch:x64arch:x86image:win7-20231023-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    22-11-2023 11:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    justificante de pago.exe

  • Size

    290KB

  • MD5

    7f45d3ae1250a354a3c0955e0414f9ec

  • SHA1

    e2242211da4349bb85d1935831957405a4f98669

  • SHA256

    206b596f2a06c33b636698217854ab8c417ae20f50ba59247a7a2bed74ccacf2

  • SHA512

    eda0da12d190ce6e03a4f9ab8c1e9e24b3be5a0db186619f167fd54359fbdbf6a40d42162ef67b58c73a012ae73cd99b5b4c6d0e56b77f697ae8bc181480f3ef

  • SSDEEP

    6144:TT4DtPsbFhPYwPL0cMVTmsmOriSyygpCFccq22SWJtC3yv9gg3rZ/m:TTAsbzPT0rVasjSFoF5qltCi9hVm

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Users\Admin\AppData\Local\Temp\justificante de pago.exe
      "C:\Users\Admin\AppData\Local\Temp\justificante de pago.exe"
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Users\Admin\AppData\Local\Temp\justificante de pago.exe
        "C:\Users\Admin\AppData\Local\Temp\justificante de pago.exe"
        3⤵
        • Suspicious use of NtCreateThreadExHideFromDebugger
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2768
    • C:\Windows\SysWOW64\bitsadmin.exe
      "C:\Windows\SysWOW64\bitsadmin.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:932

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      014a3be4a7c1ccb217916dbf4f222bd1

      SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

      SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

      SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\xnuhhhj.zip
      Filesize

      433KB

      MD5

      ecc8ac417181d4885ef8c208d1f073dc

      SHA1

      33154e45485bc0ae3bb0203ffcb9baaaed4038d3

      SHA256

      d01c69d09282f9050f6b113c45884fe9b9abf3bdf5bd93b45927d9b6bfb233fe

      SHA512

      f7601763447bed9b7b45fef2bd584da669636d2657c6066516c949e713ce1caf0641a1889345e92e584b84f438fa19029d13c6f6f1583d35fcc1eb3f998631da

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      014a3be4a7c1ccb217916dbf4f222bd1

      SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

      SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

      SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      014a3be4a7c1ccb217916dbf4f222bd1

      SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

      SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

      SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      014a3be4a7c1ccb217916dbf4f222bd1

      SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

      SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

      SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      014a3be4a7c1ccb217916dbf4f222bd1

      SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

      SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

      SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsdA7D4.tmp\System.dll
      Filesize

      12KB

      MD5

      564bb0373067e1785cba7e4c24aab4bf

      SHA1

      7c9416a01d821b10b2eef97b80899d24014d6fc1

      SHA256

      7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

      SHA512

      22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

      Download Submit

    • \Users\Admin\AppData\Local\Temp\sqlite3.dll
      Filesize

      828KB

      MD5

      d5ea9b5814553bd2f9bbb8bf0ea94ed6

      SHA1

      29629836c088dcd968efb321832edcbcfaac5b51

      SHA256

      5ea67d6b7f67301ca214af511740f26b9e6cc9e16b2c0ec7bba071d05b9bde78

      SHA512

      6867452995c8354622fe22ce4fb4868d2b9cb28bb31aa60b42f06e494b952f66c427aa66c7af09240954bf55ebcde62d4c7feb9d99e742ea3bc5beb3756a7a1e

      Download Submit

    • memory/1212-124-0x0000000004420000-0x00000000044D5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/1212-80-0x0000000004420000-0x00000000044D5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/1212-79-0x0000000004420000-0x00000000044D5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/1940-29-0x0000000074A60000-0x0000000074A67000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1940-28-0x00000000776A0000-0x0000000077776000-memory.dmp

      Filesize

      856KB

      Download

    • memory/1940-27-0x00000000774B0000-0x0000000077659000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2768-60-0x0000000034DE0000-0x00000000350E3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2768-54-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-58-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-59-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-56-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-61-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-67-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-68-0x00000000000C0000-0x00000000000E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2768-30-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-31-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-71-0x0000000001470000-0x0000000004A3D000-memory.dmp

      Filesize

      53.8MB

      Download

    • memory/2768-32-0x00000000774B0000-0x0000000077659000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2768-72-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-57-0x0000000000400000-0x0000000001462000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/2768-55-0x0000000001470000-0x0000000004A3D000-memory.dmp

      Filesize

      53.8MB

      Download

    • memory/2804-78-0x0000000000450000-0x00000000004EF000-memory.dmp

      Filesize

      636KB

      Download

    • memory/2804-77-0x0000000002120000-0x0000000002423000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2804-74-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2804-70-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2804-121-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2804-122-0x0000000061E00000-0x0000000061EBC000-memory.dmp

      Filesize

      752KB

      Download

    • memory/2804-123-0x0000000000450000-0x00000000004EF000-memory.dmp

      Filesize

      636KB

      Download

    • memory/2804-69-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download