Analysis
max time kernel: 61s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20231130-es
resource tags: arch:x64 arch:x86 image:win10v2004-20231130-es locale:es-es os:windows10-2004-x64 systemwindows
submitted: 06-12-2023 23:55
Static task: static1

Behavioral task: behavioral1
Sample: #6 NOTIFICACION PROCESO FISCAL..exe
Resource: win10v2004-20231127-es

Behavioral task: behavioral2
Sample: Microsoft.VC80.CRT.manifest
Resource: win10v2004-20231127-es

Behavioral task: behavioral3
Sample: Microsoft.VC80.MFC.manifest
Resource: win10v2004-20231130-es

Behavioral task: behavioral4
Sample: Microsoft.VC80.MFCLOC.xml
Resource: win10v2004-20231201-es

Behavioral task: behavioral5
Sample: http_dll.dll
Resource: win10v2004-20231127-es

Behavioral task: behavioral6
Sample: mfc80u.dll
Resource: win10v2004-20231130-es

Behavioral task: behavioral7
Sample: monokini.iso
Resource: win10v2004-20231201-es

Behavioral task: behavioral8
Sample: msvcr80.dll
Resource: win10v2004-20231130-es
General
Target: msvcr80.dll
Size: 617KB
MD5: 1169436ee42f860c7db37a4692b38f0e
SHA1: 4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3
SHA256: 9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46
SHA512: e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0
SSDEEP: 12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1920 wrote to memory of 4612 | 1920 | rundll32.exe | rundll32.exe |
| PID 1920 wrote to memory of 4612 | 1920 | rundll32.exe | rundll32.exe |
| PID 1920 wrote to memory of 4612 | 1920 | rundll32.exe | rundll32.exe |