Overview

overview

5

Static

static

1

Boleta de ...ca.msg

windows7-x64

5

Boleta de ...ca.msg

windows10-2004-x64

3

Resubmissions

23-05-2024 00:45

240523-a4h5aafd58 5

23-05-2024 00:05

240523-adjywseb3z 10

Analysis

  • max time kernel
    75s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Boleta de citación juridica.msg

  • Size

    315KB

  • MD5

    e836fb1f96c40711caf7cf99ad833369

  • SHA1

    ffa515bf1b036a959d57e1c70dad202e0c8ddf7d

  • SHA256

    c5539e4f4d7e3782803b07d8524b2a40bbd5327736672b091c88067e17896239

  • SHA512

    66ec28c9d8bb73f0364fa3ca3837d17b5224df5019fb4f34047ff2816f7538c6f2b791c5ef4a22e97c7b5bfb463f920048d18d442fa8ab3d854c5a6d44706b4f

  • SSDEEP

    3072:dDEPM1LzJxsweUyGUuthvv0F8Tr6wmM79kUwafYZMTwZfZZZpiZ98TyOZlqCWusy:+MZoyWZ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 34 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Boleta de citación juridica.msg"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1200
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    1⤵
      PID:1644
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\Notificacion judicial.svg
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      344b424b5152c48a3fa8d4061aa8b4d1

      SHA1

      bcc7349102d34fabff2f85a12c3c246be64c4aea

      SHA256

      85a371d2002fdf146f3525eb6a8a4316b1046806ae45e54b3264b8f79ebd0fc0

      SHA512

      ed03ca2b02e30c9d92069b23f72c0b2f0e00f0afd128591ff1893fe99986b909dd314598cf334771d7cafadca6f754b12b7d5afd54aa51bde4d520c66bd3c877

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      29b9f0c42b85cdc1b3a495e0006c0ba9

      SHA1

      91fbe3c0304711a9cd7db5fbeecc56f88b7396c8

      SHA256

      e89518a4195309be95097429d76cd95a21da16ecff34b2da0cbfac6c69d89ad2

      SHA512

      148259b210cbe916497517fe9dfaf2b73772bb83c95662a9c120978de3dd7fa5ef30c1b7a746c47800a0f7ab60935d35bfcb4d4592146c3d11073bd711f07cb8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d42db2ab866193f52346de8326c26a82

      SHA1

      53e92039db65c690895b6e84f02e40eff82cdde8

      SHA256

      67310200a92f22ecae473af8b096c1a11a238b10e3f69cc7030528beba03511d

      SHA512

      4a94868867fa73d21053652b7c65f40d7021e1edf7eee0c627a7fff0c3ac27210e12c33b6f3d1eaf04293f0e2132d6751c5e3f9f1e93004f4e5ce2fb3fef0e32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c33c19c6d045650c512742260441222e

      SHA1

      550d1c0009488a624c337f6b97ff35ac72fe0bc7

      SHA256

      64a4dbc1b58cb4e628f9bd29b995e933ed6bcb070006ea6be28844f91e47ea27

      SHA512

      e5941829ef13e40298dba653fd95d124ad2a3240a739ca004c369e3a93de71d9296137d8e20f551bf52c62cdb39d527b7deff870f4cedaf10154d2c4db91a53f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8668e8e4c2deaeb624ff33ed88e26a55

      SHA1

      a4fd3ca6329105b81f7d8305b4c7d5f4feaa9747

      SHA256

      c2e35aa71be2e487e07fb0caf05cb27e65b019a02aa1769fb51af9d0ed5484d1

      SHA512

      d37466e54c5ba471711ddcf906106f55cd29db6630b67648429131cd59469efc9ea4f6433c434e5a8633689f479555250047eb7f1b3ed8cd7100023d420a174c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d500753ddf324855b777ad1f38626cd9

      SHA1

      7f7d1c7a7ea3095cf5d9706838cbc40d3e1cc1f1

      SHA256

      a2f638ffe707ea5252347a1f9364c2de20902210bf214dd22b93d97b2c3499c8

      SHA512

      75eb16c86886fa5edac795537f395dc56653ade6f9e539ecfbd9862f75c24580d5c78f2fae6035f5573652c2a39f6b6126348c8552e49b5f4091f54f60062e4c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b928c581c570f87b56b3f8e55eff1162

      SHA1

      2b86703518132df8b89263d25bdd3d254e9c7730

      SHA256

      623938b6c514395df564a3e56711b808dfb5521ed986145bb1a21e461dac98c2

      SHA512

      d0c8eddf5d059277fa405696583fffb9780f9dd09482295c710a5861e3292e7b866d9070ef4a3d68aaffc4444c235a1722affe1243e0f2a1ae906e21e14656dd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
      Filesize

      1KB

      MD5

      48dd6cae43ce26b992c35799fcd76898

      SHA1

      8e600544df0250da7d634599ce6ee50da11c0355

      SHA256

      7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

      SHA512

      c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA305.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA3F7.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{72F01929-12B5-473C-A928-B7D374534E53}.html
      Filesize

      6KB

      MD5

      adf3db405fe75820ba7ddc92dc3c54fb

      SHA1

      af664360e136fd5af829fd7f297eb493a2928d60

      SHA256

      4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

      SHA512

      69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • C:\Users\Admin\Desktop\Notificacion judicial.svg
      Filesize

      243KB

      MD5

      bc850035f1d20e3cf765d10babc46daa

      SHA1

      8420f42fcb09540daad0fa8e1dc3600a752d1d5d

      SHA256

      9f05248d58a941230423f6d1d39255bab80a61f1c98279979a3a293ce5dc0f93

      SHA512

      5e8c35cb6121d979360ad2c32a581162e9f0abda95e963a8d71cf89a78b2aab324271b1682e51f9ecbc6bf127e2a4d62068e4165a42a5f2cd32d1f4d0d6c65f4

      Download Submit

    • memory/1200-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1200-194-0x000000007333D000-0x0000000073348000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1200-193-0x000000000DD20000-0x000000000DD22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1200-1-0x000000007333D000-0x0000000073348000-memory.dmp

      Filesize

      44KB

      Download