Analysis
-
max time kernel
1165s -
max time network
1170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
22/01/2024, 17:19
Static task
static1
Behavioral task
behavioral1
Sample
6DEMANDA POR DAÑOS Y PERJUICIOS_..msg mwr.msg
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6DEMANDA POR DAÑOS Y PERJUICIOS_..msg mwr.msg
Resource
win10v2004-20231215-en
General
-
Target
6DEMANDA POR DAÑOS Y PERJUICIOS_..msg mwr.msg
-
Size
46KB
-
MD5
d66bb2dd868c2d20201f8818d429c61a
-
SHA1
30ebe13da7520febf0cb3fe14c1c56923e61c85d
-
SHA256
8a7d5bc88cfc31834e41e91e034e305c8b18efde8ee86b69cc315d3dee3785d0
-
SHA512
b6ae6bdc115fce20ec5ff4a30af0bca6900d5440832dff2433f87f80b3a9947ef8b4f298625d25d343265e69b15ddf763cf9fa649b4c42feae886d30491fc781
-
SSDEEP
768:FOwEnFSZmTZpws6fEaksKhsKfenhQ60lwDhR6cEbGC3GKT/Sg:G9z/J+B0lwDhocvKZ
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 672 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\6DEMANDA POR DAÑOS Y PERJUICIOS_..msg mwr.msg"1⤵
- Modifies registry class
PID:4696
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:672