Overview

overview

10

Static

static

1

NOTIFICACI...ca.exe

windows7-x64

10

NOTIFICACI...ca.exe

windows10-2004-x64

10

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI...nv.dll

windows7-x64

3

NOTIFICACI...nv.dll

windows10-2004-x64

3

NOTIFICACI...tl.dll

windows7-x64

1

NOTIFICACI...tl.dll

windows10-2004-x64

3

NOTIFICACI...o.html

windows7-x64

1

NOTIFICACI...o.html

windows10-2004-x64

1

NOTIFICACI...ls.dll

windows7-x64

1

NOTIFICACI...ls.dll

windows10-2004-x64

3

NOTIFICACI...28.exe

windows7-x64

5

NOTIFICACI...28.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACION_JUDICIAL/Winzip/winzip28.exe

  • Size

    2.8MB

  • MD5

    45127d1c6f547c83594670ecb9ecb47a

  • SHA1

    a7b598bea251eb08df05252b2cacebc685dc3067

  • SHA256

    9ab7364f46747dfeece441fbf8c9b04bb7531484fcaf1052cd1dc080d79b0dcc

  • SHA512

    ecc5f5eb765aaf4486536ec3052a2e9801d3fd0c69a9dbe608e91ff7358cf823d45d70517a70a780b0654d4b7c1cac2d414d1875350099fc266fae74fcae3c5a

  • SSDEEP

    49152:xM7Yh3k3h4u3jGpIpp9R9rWY/zypyAxD37/+TIgjTt/77bpvl+SgRQ:UYh04u3qpIppf9vupd+TI6t/771vl+S/

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\Winzip\winzip28.exe
    "C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\Winzip\winzip28.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3724
    • C:\Users\Admin\AppData\Local\Temp\e5733d1\winzip28.exe
      run=1 shortcut="C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\Winzip\winzip28.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4272
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 2044
        3⤵
        • Program crash
        PID:2908
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4272 -ip 4272
    1⤵
      PID:3492

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\e5733d1\winzip28.exe
      Filesize

      2.8MB

      MD5

      45127d1c6f547c83594670ecb9ecb47a

      SHA1

      a7b598bea251eb08df05252b2cacebc685dc3067

      SHA256

      9ab7364f46747dfeece441fbf8c9b04bb7531484fcaf1052cd1dc080d79b0dcc

      SHA512

      ecc5f5eb765aaf4486536ec3052a2e9801d3fd0c69a9dbe608e91ff7358cf823d45d70517a70a780b0654d4b7c1cac2d414d1875350099fc266fae74fcae3c5a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\Load.html
      Filesize

      2KB

      MD5

      1757c2d0841f85052f85d8d3cd03a827

      SHA1

      801b085330505bad85e7a5af69e6d15d962a7c3a

      SHA256

      3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

      SHA512

      4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\common\js\common.js
      Filesize

      45KB

      MD5

      87daf84c22986fa441a388490e2ed220

      SHA1

      4eede8fb28a52e124261d8f3b10e6a40e89e5543

      SHA256

      787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

      SHA512

      af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\common\js\external.js
      Filesize

      36B

      MD5

      140918feded87fe0a5563a4080071258

      SHA1

      9a45488c130eba3a9279393d27d4a81080d9b96a

      SHA256

      25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

      SHA512

      56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\common\js\jquery-1.11.2.min.js
      Filesize

      93KB

      MD5

      5790ead7ad3ba27397aedfa3d263b867

      SHA1

      8130544c215fe5d1ec081d83461bf4a711e74882

      SHA256

      2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

      SHA512

      781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\config\config.js
      Filesize

      5KB

      MD5

      34f8eb4ea7d667d961dccfa7cfd8d194

      SHA1

      80ca002efed52a92daeed1477f40c437a6541a07

      SHA256

      30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

      SHA512

      b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\config\installparams.js
      Filesize

      555B

      MD5

      d8e07fe541f3b4fe351c839495fd73fe

      SHA1

      fcf2ac72469f4b49ab684f50008ff7b45f7415d9

      SHA256

      5117137340bf76ef25dd961c5dd8a04435837536232671eb9ebca3e581de3043

      SHA512

      f5b11e4d550ee22ee8200fedcbf0f42342d9d4206d567a5afc467f64b15224f4ae8c411543ce0868a422db626f2decbc8e520db02b512c68549c26461aba1988

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\e573529\config\stubparams.js
      Filesize

      37KB

      MD5

      91f6304d426d676ec9365c3e1ff249d5

      SHA1

      05a3456160862fbaf5b4a96aeb43c722e0a148da

      SHA256

      823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

      SHA512

      530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

      Download Submit