Analysis
max time kernel: 62s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20231201-es
resource tags: arch:x64, arch:x86, image:win10v2004-20231201-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 06-12-2023 23:55
Static task: static1

Behavioral task: behavioral1
  Sample: #6 NOTIFICACION PROCESO FISCAL..exe
  Resource: win10v2004-20231127-es

Behavioral task: behavioral2
  Sample: Microsoft.VC80.CRT.manifest
  Resource: win10v2004-20231127-es

Behavioral task: behavioral3
  Sample: Microsoft.VC80.MFC.manifest
  Resource: win10v2004-20231130-es

Behavioral task: behavioral4
  Sample: Microsoft.VC80.MFCLOC.xml
  Resource: win10v2004-20231201-es

Behavioral task: behavioral5
  Sample: http_dll.dll
  Resource: win10v2004-20231127-es

Behavioral task: behavioral6
  Sample: mfc80u.dll
  Resource: win10v2004-20231130-es

Behavioral task: behavioral7
  Sample: monokini.iso
  Resource: win10v2004-20231201-es

Behavioral task: behavioral8
  Sample: msvcr80.dll
  Resource: win10v2004-20231130-es
General
Target: monokini.iso
Size: 517KB
MD5: c86de9583cb940fc0f859b6bd80774f4
SHA1: af33f62c2a9734a387638e6bf6e97dd7ad5e6732
SHA256: 2c83d90551a91ad60ec36a525821c4f89f41af1ceae22719189307222a8ac824
SHA512: 4cf971d0363a6aa62eb0cb43c9b4c3ad620ea97af26c81877d33182283c7cac5e4c5e6178869fefd46838121395261d2ceeea5e102b0db74f94bbbf846e09d42
SSDEEP: 12288:7wrSHsJdzh9E5Uo4ZXZRJqVXBExXRk0U8mc+jpW:lHsJdzihWJrq0DUtLjpW
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoC)
  Processes: cmd.exe
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-2192493100-457715857-1189582111-1000_Classes\Local Settings
  process: cmd.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: cmd.exe
  description: Token: SeManageVolumePrivilege
  pid: 4852
  process: cmd.exe