Analysis
- max time kernel: 143s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 18-07-2024 13:18
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: Soboce.zip (win7-20240708-en)
- behavioral2: Soboce.zip (win10v2004-20240709-en)
- behavioral3: e6b82e1c-ac44-4023-8042-08dca5e19c90/4a7406b5-aea0-3461-afa2-c5f3f9b9a06d.eml (win7-20240705-en)
- behavioral4: e6b82e1c-ac44-4023-8042-08dca5e19c90/4a7406b5-aea0-3461-afa2-c5f3f9b9a06d.eml (win10v2004-20240709-en)
- behavioral5: Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar (win7-20240708-en)
- behavioral6: Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar (win10v2004-20240709-en)
- behavioral7: Formulario de solicitud de pedido Soboce S A No 17850 16 07 2024_PDF.exe (win7-20240704-en)
- behavioral8: Formulario de solicitud de pedido Soboce S A No 17850 16 07 2024_PDF.exe (win10v2004-20240709-en)
- behavioral9: email-html-2.html (win7-20240704-en)
- behavioral10: email-html-2.html (win10v2004-20240709-en)
- behavioral11: email-plain-1.txt (win7-20240704-en)
- behavioral12: email-plain-1.txt (win10v2004-20240709-en)
- behavioral13: image001.png (win7-20240704-en)
- behavioral14: image001.png (win10v2004-20240709-en)
General
- Target: Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar
- Size: 714KB
- MD5: 325b88a0301801c9e04590d2514f6a8e
- SHA1: 79203bbe463d36eb199c2b97732ba638b5764780
- SHA256: 81f6ee45019c48d23ac3265a1ba120d0b34a74e7a51ae3d1c5cecea4db88fe8b
- SHA512: 32163a4ff580ee3ed1f43ba1990e8688cedd5b44c93ca7de138d6fe69eaaacd6712a3c19c260f692ab964db7677f5d8d79c5171785a4fbd7d15e8d6621b69621
- SSDEEP: 12288:lDYQqAva5eO/WQKTYqW/niHEofaPHKDb79xAvRIyWmipePX0xU571Or0X:l2nUO/WQeYqGnilfafKDLgIyWePX0C5n
Malware Config
(none extracted)

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: rundll32.exe, rundll32.exe
  Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings (rundll32.exe)
  Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings (rundll32.exe)
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: vlc.exe (PID 2608)
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: vlc.exe (PID 2608)
- Suspicious use of FindShellTrayWindow (8 IoCs)
  Processes: vlc.exe (PID 2608), 8 occurrences
- Suspicious use of SendNotifyMessage (7 IoCs)
  Processes: vlc.exe (PID 2608), 7 occurrences
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: vlc.exe (PID 2608)
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: cmd.exe, rundll32.exe, rundll32.exe
  PID 1688 (cmd.exe) wrote to memory of PID 2424 (rundll32.exe), 3 occurrences
  PID 2424 (rundll32.exe) wrote to memory of PID 2740 (rundll32.exe), 3 occurrences
  PID 2740 (rundll32.exe) wrote to memory of PID 2608 (vlc.exe), 3 occurrences
Processes (process tree, depth shown by indentation)
1. C:\Windows\system32\cmd.exe (PID 1688)
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (PID 2424)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\rundll32.exe (PID 2740)
         Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar
         - Modifies registry class
         - Suspicious use of WriteProcessMemory
         4. C:\Program Files\VideoLAN\VLC\vlc.exe (PID 2608)
            Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Solicitud de Pedido SP N° 17850_16 07 2024 Soboce S.A_PDF.rar"
            - Suspicious behavior: AddClipboardFormatListener
            - Suspicious behavior: GetForegroundWindowSpam
            - Suspicious use of FindShellTrayWindow
            - Suspicious use of SendNotifyMessage
            - Suspicious use of SetWindowsHookEx