Overview

overview

10

Static

static

1

01 NOTIFIC......exe

windows7-x64

10

01 NOTIFIC......exe

windows10-2004-x64

10

01 NOTIFIC...er.dll

windows7-x64

1

01 NOTIFIC...er.dll

windows10-2004-x64

1

01 NOTIFIC...ge.ogg

windows7-x64

1

01 NOTIFIC...ge.ogg

windows10-2004-x64

7

01 NOTIFIC...or.psd

windows7-x64

3

01 NOTIFIC...or.psd

windows10-2004-x64

3

01 NOTIFIC...20.dll

windows7-x64

1

01 NOTIFIC...20.dll

windows10-2004-x64

1

01 NOTIFIC...20.dll

windows7-x64

1

01 NOTIFIC...20.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2024, 17:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01 NOTIFICACION DEMANDA/fascinator.psd

  • Size

    633KB

  • MD5

    b5235767ba1ad2d53106727ea4c165e4

  • SHA1

    017d9e13ed9f7b25f864341e92357116a6b07c3a

  • SHA256

    c6e7629d113a64b4a32955df1ac57c15cbafb8aebd3157c11b93124cadd78583

  • SHA512

    8022f30a202517c1b52cfa58617153901c5a0e6ed45d4373bc0b6e7250be7d60bee9961f257d1b73194805c370b9e007550d8a9c0d091457a0ea306a7790a1a4

  • SSDEEP

    12288:hrcHzmmm6mXudkUGGlw7q/jDSL+2VFfbasTE:QvdkUBw72qPVdE

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\fascinator.psd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\fascinator.psd
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\fascinator.psd"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    2c4e6e2e7bce9e4d9e33bc3b836e3e19

    SHA1

    f7f0522eb755a59d6511fb57e73e54da95d9f8ae

    SHA256

    357b79ca06656b2d515adbb9507b0b8c6c67ede7a30735ba077b4bb7c5a2ab09

    SHA512

    6a0a5b9d56241620c089b8d17c1cc9e44890eb1370751a406791c41d3cb2c5f9d876f7d6a6498f665a7146a1bbe711d992ed84be186292726c9f194e4fbbbb42

    Download Submit