asyncrat | 22c7f23dedc2667904b242348ce36ce7e8aa43c1a1579f86d61c27778e141441

Resubmissions

26-07-2024 15:26

240726-sveplszckf 10

26-07-2024 15:22

240726-sr1snszbjd 5

Analysis

max time kernel
299s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240709-es
resource tags

arch:x64arch:x86image:win10v2004-20240709-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
26-07-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-02.svg
Size

365KB
MD5

80193d67d0da94a9d928fe4bc5b3a7cc
SHA1

ec3b1f52e184dd87dfe9ceb2eb5cdca6f96f5dc4
SHA256

6e6577761b13f6a42f212419a8fcca10f35ab9315f24e9be39c8fc5cdfcfea10
SHA512

b376e9152c6ec0b45d8e9fa7d4f298a8ddf2d873c3b42b3f7d60704dbef3c7a4967a6e32fef5cd8fa0019bd6176401c2b8fcc0698437c2ae8082bfacb9088957
SSDEEP

3072:RCkLBpCoMXyV1d/Cl+XlwdgrJGwS4BHKlgeJtonukwUwPsWw5wzwQw6qmPwOhuqZ:RfBpCoK21dE+XlpJGwSsKldhLsuCY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1596 set thread context of 5076	1596	01 NOTIFICACION DEMANDA..exe	127
PID 5076 set thread context of 5012	5076	cmd.exe	130

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	01 NOTIFICACION DEMANDA..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664812482082605"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
1596	01 NOTIFICACION DEMANDA..exe
1596	01 NOTIFICACION DEMANDA..exe
1596	01 NOTIFICACION DEMANDA..exe
5076	cmd.exe
5076	cmd.exe
5076	cmd.exe
5076	cmd.exe
5012	MSBuild.exe
5012	MSBuild.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
1596	01 NOTIFICACION DEMANDA..exe
5076	cmd.exe
5076	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5012	MSBuild.exe
228	winrar-x64-701es.exe
228	winrar-x64-701es.exe
228	winrar-x64-701es.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 2144	3512	chrome.exe	84
PID 3512 wrote to memory of 2144	3512	chrome.exe	84
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 2896	3512	chrome.exe	85
PID 3512 wrote to memory of 3664	3512	chrome.exe	86
PID 3512 wrote to memory of 3664	3512	chrome.exe	86
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87
PID 3512 wrote to memory of 3584	3512	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\022-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-02.svg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98831cc40,0x7ff98831cc4c,0x7ff98831cc58
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1732 /prefetch:3
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3316,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4876,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4760,i,15978526095362189610,13304001195405743994,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:468

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1596
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5076
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5012

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\winrar-x64-701es.exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\winrar-x64-701es.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0a57592b8c260a42ecbd133c0f10da79

SHA1
594bca48f48a9791deb484090256349dd2f47135

SHA256
1fdfbda0d3fc0f2a583856bde74119650d16cc6b65cfb3bb219f803361b83452

SHA512
e1eddb12a84250b9f28d1bb80300e32f9f8d1f834a9c60bbc2c89f0fda550a438bf32c0fca6bf0e02437115dc7d37a3e63e646bea0431d10704ce6437d2217e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
606e8d1b44b049e934d68cc5b99dd754

SHA1
fa9c19aabecb8c2587408b3aac8c1b180672eadf

SHA256
2513cd6773c04b8c47d266613739db603a5e109df2cd656c70f8671eeb5994e7

SHA512
482f9b2fa155ab0100b33ac66bd5b7efa8981f86f4e83156656529052d0180e97c8547d87162797a6685de1d25619097b8f4475701644cdbfeab87b27543fbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0231d4681ea7b4cc31d95a2fa98d5a9d

SHA1
3e8feabd83b8d411d4645a679ee9892ad3eb669a

SHA256
03f7bf44ebdec23a90398649b0c82fcb1f41522c5a9574cc4498c9cf0b329773

SHA512
cacd2fdf366acbeb44a61357931c13f79da137d7399554eb60e549cc039f77092a40ba497c1e7171edd4de4246f73e33a3432567ef0fe685bbeaaf1629441d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
3c3cf8b2f98f1d454877917e8194993f

SHA1
e69999533c1fe18c462ab2e54a841aba95045489

SHA256
d2111f5f8f72e51e213c46789d240f209dfac29ea8e0340c882e70a92187485c

SHA512
a5f5b3d79c01636f4975b330bf8ca6c346ae6c1e4cdf4e529d5f4691be3c7650336276ced7cf5bca0768fbea0e3319182c03642dbd54e3270763229df036e36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
af5b0725ca20e11b98c91a1d65901a56

SHA1
34d2252f7e2edeaed6cef924968e5d1a97cb6f3c

SHA256
35b06c82439e050aefc295c22aa171052c85f137908593426c95ff163a3df590

SHA512
18961d7c4170ff66db3ddcab21247df1224d351584d59faac6b6da74595506faf1eab0d32cea95f70350e6c6809cb9c21f25501128e96d6c69ea93ceb7b4ea97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aabd5be94ba85a1e7c838814e1884931

SHA1
840b515361696a918f0f2133f37ddebf43d01c84

SHA256
51817e7a48578b6aae68d9a30472fc2176a7425109ea7facd5ca19acec3274a4

SHA512
0d25ba6d2b269c5399aff4eab0f2e4622a31e0fc289db9b7c625df82eb22fdefe8732ac78c728d84bc2c074b2ddf9642408a3a0cba5efa6b129a8818c537b27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cabe0fec44f5b39f2c66f1b497f6c7f

SHA1
05249caafa3c014215b2ae0a2897330398f87e90

SHA256
bbd7c65f0655f212cc842f1e7f7d58472c129f89febf8225f6157177a2a817f2

SHA512
9d445f517df737687a49eb2984068c173d50073e1176b53d90667ff8f374f872fa99d10327eaeb0d725ab3a53ad8eac4f5afd5f6e50e28af064d120bfa75cfd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
101d65429ece575c91c329bb659a0b6d

SHA1
3de6280508d90a9b7207bc91035ca4b7ab9147b2

SHA256
af0611cbcb37f19e522ee9adccd77b10b649f8822b485fb65e24f6911ed7d5e7

SHA512
c01db232ffe51ab4c6ed2ebcebb11b722e4ee5b3ee6e1ddbc76f10b4fabd19e822d3177690b8fbb75c22243f5c7a574bd7514373c828b93aa3bfaef7cdff4bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
105ec48f63725aa6adb41fc080a58efb

SHA1
2b03b960a075042662f56bee49c9135bb5444013

SHA256
674ffe7be64efc9c820eb434e4193fd3333d39d4788332706f12fa72fcfe101a

SHA512
540cd85a6906a07f2aacf348cbe21d20b22214d6a03f2de4f3f9ec3c35fa285affc751064e46973ef917c3907efb35e1ce943003185c22af5963a0273d4484f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2852791711931af11235752b1b99f8c

SHA1
03d4b9ed4a1ab6e36a2aa0aeb8644dd89dacf04f

SHA256
99f1c75b0c9770b54983cdadf5067bbb0f40805b5c4021ba2efb46916b7355f8

SHA512
ea94598d8179904ab17ad3817d68004f3f3ef40f0351b376ae587f912aabf0fae590520416211d96a9a097754dd081e4f62debcd7eeac51d6d81a09d637792a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7efbb01a04688444ebfec832aedcc183

SHA1
00baf869b5ad057f7fea99af42bf627e3dbf72ce

SHA256
91cad6b068b7f22664e69b7c5be41a611fb2d51f354ee5c145f1359d1cdb94fd

SHA512
b605a0fe3fd2553e448fc8a3760c8eed5a939dea0760f2302a30c162bcb946956d60518ac6c9b7bcaa4acbedd0d0b37cde1ecfbc87c1e9d55f8551f57f4eafc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3d375cee9c317c47d2cf822da49ac4c

SHA1
8ff8586957afb423557f511eef3d1ea6c54a74c0

SHA256
eeb2a705858c508d6cf86d45547989b3834410c301fffe89a4492adf5fcfd25d

SHA512
ad4b4ef2f5330ace84b4bec4e6afc81f0227842c784089824fa788285c3d8a1da4b85874bbb11ab586202b91c8387d153654c4f509e53b60b02f08d9202527d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2955e8c54e1d3ac2d2c1293747fcd18b

SHA1
b18659bfa023e14384e940db959d0e7289078ac8

SHA256
8421d3a0353c357f68b2c79cb91801908bb966cb5fa943d9106cf5dcef087176

SHA512
d9a0170c52e6a0866e0cb2710bfd97f39636a42d189e75dfdf70dd98d666d8f63efe078f6f766e92e3ef5fa64402c2588e2c89ffd3193ac1abfc3f442239ef21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb7050c3b927f8619c5a8666386f8ff4

SHA1
fd71bf5228fd087716e7725bd96100b6c07e615c

SHA256
f79e5ebb2f191636615b8955dcafcaf3ddb218afc0babec229a47a58f0119e80

SHA512
de13b5276b5d03719ba0057c093c6fbd05ca468065316605a66e230f1bfa3dfdc18dfb0967e53f05e3b1734155ddedfdbac7f0c9b312a8770a15755cd95e4fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b15cb4f7b7e9b590eecd4c0936526b74

SHA1
78568c5852603ac690c479d149eab44c8b7866a9

SHA256
29a081e9de1314a2c4ac69fda34124328c0ec082a6669fecd8827c7345042851

SHA512
0d7c1fad175ef15481bc7bef3fa74ff93b7fc644e8183a6f2a488731d62d01161ce35b04f0881a358b2cb0040d9ca81a9ab973d91eccd1510960816703e33edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e3311d4a6a0e1080202cbe7182873ea

SHA1
04320cc0311aa5bb0c6bbe5986ff0440fea10301

SHA256
dac906233b41edf2e6aad248355f9e51e79ce47bfa96cf59cc2d666996d3d467

SHA512
471f4d6c4c3701eab305bd91a0dd8cca50243db7282c9cd851383de549ed41a933344ce8a90b759e08d9bf743bbf2b53a5708410750ec39cdce745c7e7f4548a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa91c6d3c48057a18eeea53cb46112b0

SHA1
aaadb665b32324ca0f339164890b5d0e3c7a9157

SHA256
9cd6bb0a6b4de0df07dd5e51f7a71a07a5ba37d987862c6c086a409f22d67de7

SHA512
8430bdf1c41531f605aed7457e75046cd9b59791bdc0690502a99b3dfb4e88c41f5678e2d6f06381ca0a29bf33f91bd8c3c14b44fb30631d188f4baa98cbf60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a2d230a63bdd43aa60d0a33dc0d5fea

SHA1
1a1403268c1e61511fccce08135141bc033bfe23

SHA256
d0c7a5c27cfe4107470e9902211d5bdd8cedbd72553d16a3c9bb2781e3be866e

SHA512
83bb35fa737e3236b2820c07f46b2317bf66894f4f7ea038fb404bb9c0fbf4ee8aa1e5d421a27eb664f04c83f25531e1965e4aaa9d039eb202efb10a8982f4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3d3df83388b1069361f779702732bdb

SHA1
200be960173fd9d962428fc05b8b2484efb76940

SHA256
9e95b745046f5b867c1ce253270694a4e291ed4f342c07aee8ae68ff184bcdef

SHA512
ade2c1ad4e7b4eb3949b5544c9a606d257c523f5320c28cda203e3b11544b94ab7b49bd0cbae6eafef85d0fda433cee1fc15ca7688e9bf2be9668ead81125201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95422245b155dd9b62d2f6e6b6c7c651

SHA1
6e6d0582a6f62ee31010a4aca958cf7af58850b4

SHA256
f25ab29c016560cc30ccd5592d71905509b9f397de868378b2fb44d59c0da51b

SHA512
265a2f24cd4ad588c16a0a3d414be0653e5c76145a79162e245a62ac571286e74dd4dab3dea8b79d135abef47d860370363d2d46cd9c3fe5854cd2c67e041830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
2550cde76edfbbcc93200171ee705212

SHA1
1a7b15feaa9da1a5d6ee3a51e102ed73fc610746

SHA256
3dd5c0469e874fd33570c647381099c78ddadadce3d1a40a6b3accc21e26e780

SHA512
fdb63efa8e576d3b17adb6828185c4f3a297cf9514e9a6cd9871c82ef15f4f070aa97266e2e99bd3d72ae47f1e495a8d458b14d2a090c88b60f9cb7bdff88fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
6fe03e97edb8691af28df51d1694499a

SHA1
5cc509a16fcd65837d5d8d503f2fc2616719ef0a

SHA256
06ff63f6bf34cf06026f64cb644f2e2cf1d04f58ce093a0fb32839ae0a5f4885

SHA512
1668c51c30c19fd1d2d7f96ae8d47cdd96113df21ab9e9a8da39b7f3136fd193ed98a34ee5f5c6a3e387eaa02a7b3c48e2fdf345b7f18d1ca573d6c90060378e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
c4df483d8add65bafc942bd6033076f8

SHA1
6a30fa88572d104dd61d401d0855e85668f4a5ab

SHA256
c0f4d1d87b2b0ff35afcf733a0e554694ec52fa8a6a350c21aae257c6e00d08d

SHA512
e1eb941a8cb9b9779c0f0ace3bcb617197c267e052e97e9e31b14256e38cb661efb77900b4ce40ed03831b9ab0fabb3c32e359f06b4f8ed8ae99b8daa2884ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\19b10818

Filesize
774KB

MD5
828957b192acafc385bc17f89462e4df

SHA1
611bea743a16088baf46508f2eae3b4224a1f21a

SHA256
6fb144b109a153b98e4cf857b83d28ad80e42538e0d647f115496aa98e09f26f

SHA512
955d3c35bcdc4b8a5ff6db2d24960d81b70aa44f1d5044b3b04b442dbea66b9f80c40977b44baac92144014d44b2613d9cbe94ba092d107d4cf7cbc7c779af46

Download Submit
C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01.zip.crdownload

Filesize
6.7MB

MD5
da0f823b67bc093b75d381f2a105ecb6

SHA1
11e82222f4070fbadc8c4c2f194ba65d9fa60ac5

SHA256
ed88b5c4a8be75f5da0400817a9514bdcb38e602aa3fe463d39cec523dcd3268

SHA512
3d2986bf2b9d6fc9c7251934f68eab8995dc33b1cf3886c2360afebdc2f9f35a088a2e0d92002a3c225a07095a5213677df78a4bf95ed77842d98a998b1e1016

Download Submit
memory/1596-187-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/1596-185-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/1596-184-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/1596-170-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/1596-186-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1596-188-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/1596-171-0x00007FF996950000-0x00007FF996B45000-memory.dmp

Filesize
2.0MB

Download
memory/1596-180-0x0000000074F32000-0x0000000074F34000-memory.dmp

Filesize
8KB

Download
memory/1596-181-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/1596-182-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/1596-190-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/1596-189-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/5012-231-0x0000000005530000-0x00000000055C2000-memory.dmp

Filesize
584KB

Download
memory/5012-230-0x00000000058F0000-0x0000000005E94000-memory.dmp

Filesize
5.6MB

Download
memory/5012-232-0x0000000005520000-0x000000000552A000-memory.dmp

Filesize
40KB

Download
memory/5012-233-0x0000000006110000-0x00000000061AC000-memory.dmp

Filesize
624KB

Download
memory/5012-234-0x00000000061B0000-0x0000000006216000-memory.dmp

Filesize
408KB

Download
memory/5012-235-0x0000000006670000-0x0000000006772000-memory.dmp

Filesize
1.0MB

Download
memory/5012-229-0x0000000000B30000-0x0000000000B46000-memory.dmp

Filesize
88KB

Download
memory/5012-225-0x00000000739C0000-0x0000000074C14000-memory.dmp

Filesize
18.3MB

Download
memory/5076-228-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/5076-223-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/5076-191-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/5076-213-0x0000000074F20000-0x000000007509B000-memory.dmp

Filesize
1.5MB

Download
memory/5076-193-0x00007FF996950000-0x00007FF996B45000-memory.dmp

Filesize
2.0MB

Download