Analysis
-
max time kernel
147s -
max time network
203s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 22:43
General
-
Target
785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP.zip
-
Size
2.3MB
-
MD5
43f008e55da1461922d6374ee0f25330
-
SHA1
c1ef8c6619ce86642c560010e117b703b798a586
-
SHA256
1099a2b68b2ad1e548646cb81fd37a236bd0476b5036f33416831e74a14d1e8f
-
SHA512
7961935c60076667ef2927736c2a71cb63e2c9e24f4837e3ea50224501504d315f315f1ea2238b145313f1776be9f5504b45942c85cf5cf3e08e628d314fb1db
-
SSDEEP
49152:i4ufFGQQrzi18xSTuuu/6vAFY2cgYDfRw6UaEhu0RyJqb8uDM:BDOoSoCvGcdVUaf0EQ8uw
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Script User-Agent 3 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP\" -spe -an -ai#7zMap5133:204:7zEvent192901⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP\273299Citacion102699DelitosxyppyfyInternacionalesPNQSDA.vbs"1⤵
- Blocklisted process makes network request
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP\273299Citacion102699DelitosxyppyfyInternacionalesPNQSDA.vbs"1⤵
- Blocklisted process makes network request
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP\273299Citacion102699DelitosxyppyfyInternacionalesPNQSDA.vbs"1⤵
- Blocklisted process makes network request
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Documents\Arquivo_C\5-22-2024.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Documents\Projeto_B\5-22-2024.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Documents\Relatorios_C\5-22-2024.txt1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\Desktop\785858Ord_Citacion022555Investigativa_DelitosdsxdkgfInternacionalesXOQVGP\273299Citacion102699DelitosxyppyfyInternacionalesPNQSDA.vbsFilesize
4KB
MD5a62708122d7c4d9d2d8bb7f2ecf440f7
SHA1f9ad05722234a718f836cdece780161e77b188a6
SHA256eda81732c8c97f402eb529cfebb4422d0881d7c752fafe247ffb9d0cb23ea554
SHA51228a8d2b59ff27798623ebd433a9e10d319324ed2c255334ed1de1faa8e306b04f2241088fab8b162d8e77a372d5e60ad46f71b3a8336517887e7beb4f63ba530