Analysis

  • max time kernel
    135s
  • max time network
    144s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240419-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    26-04-2024 21:37

General

  • Target

    CITACION DEMANDA/riband.ai

  • Size

    649KB

  • MD5

    70c2a4ca2f42dac8154bf15ec078fbc0

  • SHA1

    6d4f77de5f928aa56111a96d6e0a20e84014c1ab

  • SHA256

    72e93e8cba000a98027f751dd87e6e596b9712c54858d21555a74a35eb841280

  • SHA512

    604f1bdb477face6d7a42e39e9fd9171b6c36b03e1839fbf6e73d8e8bb76a2d36e7b434dc77ee42ed8692e2a2dea048d630fa8a17331e1229cc26e3ff5030b3a

  • SSDEEP

    12288:JOHdSuRSfcW89miMMZHyG9QKAn43GGFXeEXjP+dNPwy3J+lNyHUNfh/GDkH6yVPy:aNRwjNQSKnAn43GGFumjP+dZwzGUNhXM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\CITACION DEMANDA\riband.ai"
    • Modifies registry class
    PID:1760
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4460

Network

MITRE ATT&CK Matrix ATT&CK v13
