17903ff26a562a06c1f303b34ebad57d8cce0ee27f18551d0254d9164350b45e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 16:33

Target

BBVA pago transferencias.pdf.exe
Size

1.2MB
MD5

1c58d55ffa67105e77bdcc82a5f05317
SHA1

4e676beec6a7f1d47d0b5c847163980a9ae059bb
SHA256

17903ff26a562a06c1f303b34ebad57d8cce0ee27f18551d0254d9164350b45e
SHA512

f4a1a17c15ce816d0b8db8107eda705002dd5dd10dfa8b01019e1bfe55ac6dfe9007a8dd99fd4e944aca8e4b36faba37846b5720f68ae6ef7a96bd94e7dd68ac
SSDEEP

24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8afPcX6KKKKKKfj6jburEPdu3RUUP:GTvC/MTQYxsWR7afPo6KKKKKKfj6jbuR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1504	2220	WerFault.exe	81

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2220	BBVA pago transferencias.pdf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1864	2220	BBVA pago transferencias.pdf.exe	93
PID 2220 wrote to memory of 1864	2220	BBVA pago transferencias.pdf.exe	93
PID 2220 wrote to memory of 1864	2220	BBVA pago transferencias.pdf.exe	93

C:\Users\Admin\AppData\Local\Temp\BBVA pago transferencias.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\BBVA pago transferencias.pdf.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Users\Admin\AppData\Local\Temp\BBVA pago transferencias.pdf.exe"
  2⤵
  PID:1864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 628
  2⤵
  - Program crash
  PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2220 -ip 2220
1⤵
PID:1996

memory/2220-10-0x0000000003840000-0x0000000003844000-memory.dmp

Filesize
16KB

Download