Overview

overview

3

Static

static

3

Pliego+T�...y+.exe

windows7-x64

3

Pliego+T�...y+.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pliego+Tcnico+-+Desmontaje+de+puerta+y+.exe

  • Size

    722KB

  • MD5

    b4d30842f7791c314b5793b467e2e40c

  • SHA1

    4fd12e0aa4c9843ff3b42aaf3c2efccb94d76124

  • SHA256

    8048e53dd3e484c96e5f586ab9e4152a173364144ad9a50baa050222f61d3a9e

  • SHA512

    3a3ff969fafcc390654e02ef1bb37687dd797fdcb96a9574e5d1e5166b548b75569bcbc2ef4fb78d784c1b0dd987c2e79988e17bc09d636952143dc047444c4e

  • SSDEEP

    12288:+jv732EXsNCjClPiCrybSHcPw+DN53qPIfm6JIqQXElHnsKptYP9ciE8b7PXVj:qb2w6la4fAiPI+6CElHntfYPaiE8b7tj

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Pliego+Tcnico+-+Desmontaje+de+puerta+y+.exe
    "C:\Users\Admin\AppData\Local\Temp\Pliego+Tcnico+-+Desmontaje+de+puerta+y+.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 1212
      2⤵
      • Program crash
      PID:1636
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 2592 -ip 2592
    1⤵
      PID:2596

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2592-0-0x0000000074CAE000-0x0000000074CAF000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2592-1-0x0000000000A10000-0x0000000000ACA000-memory.dmp
      Filesize

      744KB

      Download
    • memory/2592-2-0x0000000005A50000-0x0000000005FF4000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/2592-3-0x00000000054A0000-0x0000000005532000-memory.dmp
      Filesize

      584KB

      Download
    • memory/2592-4-0x0000000005630000-0x000000000563A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/2592-5-0x0000000074CA0000-0x0000000075450000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/2592-6-0x0000000007E40000-0x0000000007EFA000-memory.dmp
      Filesize

      744KB

      Download
    • memory/2592-7-0x0000000007F20000-0x0000000007F42000-memory.dmp
      Filesize

      136KB

      Download
    • memory/2592-8-0x000000000A5B0000-0x000000000A5BC000-memory.dmp
      Filesize

      48KB

      Download
    • memory/2592-9-0x0000000002E00000-0x0000000002E10000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2592-10-0x00000000068B0000-0x0000000006934000-memory.dmp
      Filesize

      528KB

      Download
    • memory/2592-11-0x000000000B660000-0x000000000B6FC000-memory.dmp
      Filesize

      624KB

      Download
    • memory/2592-12-0x0000000074CAE000-0x0000000074CAF000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2592-13-0x0000000074CA0000-0x0000000075450000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/2592-14-0x0000000074CA0000-0x0000000075450000-memory.dmp
      Filesize

      7.7MB

      Download