Overview

overview

10

Static

static

1

JUZGADO PE...DA.exe

windows7-x64

10

JUZGADO PE...DA.exe

windows10-2004-x64

10

JUZGADO PE...i.pptx

windows7-x64

3

JUZGADO PE...i.pptx

windows10-2004-x64

1

JUZGADO PE...43.dll

windows7-x64

3

JUZGADO PE...43.dll

windows10-2004-x64

3

JUZGADO PE...t.xlsx

windows7-x64

3

JUZGADO PE...t.xlsx

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2024 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JUZGADO PENAL/d3dx9_43.dll

  • Size

    1.9MB

  • MD5

    4e83bd565288ac5cb4589013c344b11e

  • SHA1

    f80fe88f16e3561e0d2b14b1b6a45025e8a429df

  • SHA256

    e4ec839c88be62251023c1781999bbc7dd6061965a3ed4db174dfc6c3991e520

  • SHA512

    38f081b41f035b5a40d2885d58aec72623b4262f0b32204d527b7911f077fe670945895fa7a9041657700c3535a0c2e9abe9e77994dba1bd5f13773ac82c52cc

  • SSDEEP

    24576:uaUU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBY:uQ66l2u45BiNYFrz31Cv3D29kd6k71

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\JUZGADO PENAL\d3dx9_43.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\JUZGADO PENAL\d3dx9_43.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads