Analysis
- max time kernel: 37s
- max time network: 47s
- platform: windows10-2004_x64
- resource: win10v2004-20231127-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20231127-es, locale:es-es, os:windows10-2004-x64, system, windows
- submitted: 06-12-2023 23:55
Tasks
- Static task: static1
- Behavioral task: behavioral1 - Sample: #6 NOTIFICACION PROCESO FISCAL..exe - Resource: win10v2004-20231127-es
- Behavioral task: behavioral2 - Sample: Microsoft.VC80.CRT.manifest - Resource: win10v2004-20231127-es
- Behavioral task: behavioral3 - Sample: Microsoft.VC80.MFC.manifest - Resource: win10v2004-20231130-es
- Behavioral task: behavioral4 - Sample: Microsoft.VC80.MFCLOC.xml - Resource: win10v2004-20231201-es
- Behavioral task: behavioral5 - Sample: http_dll.dll - Resource: win10v2004-20231127-es
- Behavioral task: behavioral6 - Sample: mfc80u.dll - Resource: win10v2004-20231130-es
- Behavioral task: behavioral7 - Sample: monokini.iso - Resource: win10v2004-20231201-es
- Behavioral task: behavioral8 - Sample: msvcr80.dll - Resource: win10v2004-20231130-es
General
- Target: http_dll.dll
- Size: 883KB
- MD5: deac278cd34bcf4ac1596ed27a7400b5
- SHA1: a19cc9b06bb61efb143a6f8dd0761e0a41c36394
- SHA256: 7eb439f5da221a3f4978131b2acfe1ac80708654e693874e0b81ccf25600e7f3
- SHA512: 0245bf0c694f64726d72354af47b9ea3e2edec45c69705d620e526aa44eb373aff33b23803b0b1eec1b85e3de267551dcf76e5ce7514d1e9430fffd9e1b3006a
- SSDEEP: 24576:Wzq6uStsPOf+2nVWeqnm5dVjPiV95Myq15:Oq/GbVWCP9yq15
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 4112 wrote to memory of 4172  4112  rundll32.exe  rundll32.exe
  PID 4112 wrote to memory of 4172  4112  rundll32.exe  rundll32.exe
  PID 4112 wrote to memory of 4172  4112  rundll32.exe  rundll32.exe