Overview
overview
10Static
static
1Citación...da.zip
windows11-21h2-x64
1CITACION D...DA.exe
windows11-21h2-x64
10CITACION D...MI.dll
windows11-21h2-x64
1CITACION D...EX.dll
windows11-21h2-x64
1CITACION D...IO.dll
windows11-21h2-x64
3CITACION D...in.eps
windows11-21h2-x64
3CITACION D...and.ai
windows11-21h2-x64
3Analysis
-
max time kernel
135s -
max time network
144s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
26-04-2024 21:37
Static task
static1
Behavioral task
behavioral1
Sample
Citación Demanda.zip
Resource
win11-20240419-en
Behavioral task
behavioral2
Sample
CITACION DEMANDA/04 CITACION DEMANDA.exe
Resource
win11-20240419-en
Behavioral task
behavioral3
Sample
CITACION DEMANDA/ASUS_WMI.dll
Resource
win11-20240419-en
Behavioral task
behavioral4
Sample
CITACION DEMANDA/ATKEX.dll
Resource
win11-20240419-en
Behavioral task
behavioral5
Sample
CITACION DEMANDA/AsIO.dll
Resource
win11-20240426-en
Behavioral task
behavioral6
Sample
CITACION DEMANDA/parkin.eps
Resource
win11-20240426-en
Behavioral task
behavioral7
Sample
CITACION DEMANDA/riband.ai
Resource
win11-20240419-en
General
-
Target
CITACION DEMANDA/riband.ai
-
Size
649KB
-
MD5
70c2a4ca2f42dac8154bf15ec078fbc0
-
SHA1
6d4f77de5f928aa56111a96d6e0a20e84014c1ab
-
SHA256
72e93e8cba000a98027f751dd87e6e596b9712c54858d21555a74a35eb841280
-
SHA512
604f1bdb477face6d7a42e39e9fd9171b6c36b03e1839fbf6e73d8e8bb76a2d36e7b434dc77ee42ed8692e2a2dea048d630fa8a17331e1229cc26e3ff5030b3a
-
SSDEEP
12288:JOHdSuRSfcW89miMMZHyG9QKAn43GGFXeEXjP+dNPwy3J+lNyHUNfh/GDkH6yVPy:aNRwjNQSKnAn43GGFumjP+dZwzGUNhXM
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 4460 OpenWith.exe