Analysis
-
max time kernel
195s -
max time network
298s -
platform
windows10-1703_x64 -
resource
win10-20240404-es -
resource tags
-
submitted
07/05/2024, 17:18
General
-
Target
RV 684-CITACIÓN DEMANDA 02-JUZGADO 009 PENAL DEL CIRCUITO-84.msg
-
Size
1.5MB
-
MD5
7c189e9a8b435132cd1f0f6e6304f879
-
SHA1
1d3ae5db2dd745021cc67bdcaaca32c22ec16976
-
SHA256
f92ad0f535ed6aac1972b9bb845cef324d03dfa8d371528c0b873778043a3b04
-
SHA512
7ae55f5a0879b72725b8884baf6f984c16f8c2fd7ae4cab94d938ef6b4bf0697025b9ca959e87c734e5d4e66a37844eec060fb7a67d530e99f6944590593d481
-
SSDEEP
24576:XVnuCvD5dEqQMnK6U8z2g1Vj/irXHIl5woW36xlxFr98:EqNKbg1Vj/6XHIl5wn+R58
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 49 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\RV 684-CITACIÓN DEMANDA 02-JUZGADO 009 PENAL DEL CIRCUITO-84.msg"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\RV 684-CITACIÓN DEMANDA 02-JUZGADO 009 PENAL DEL CIRCUITO-84.msg2⤵
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵