Overview

overview

10

Static

static

3

ANEXOS POR...65.rar

windows7-x64

3

ANEXOS POR...65.rar

windows10-2004-x64

3

ANEXOS POR...65.exe

windows7-x64

10

ANEXOS POR...65.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.rar

  • Size

    965KB

  • MD5

    af0f3eeb7c34472f2b8c2a74d966b815

  • SHA1

    c471cb4d2aebc5fd17a5268856c8f78d1f52c0fa

  • SHA256

    b949f5669c31e0eae2ab38705a88ca05186d8e661e1b0965311a243a5f159412

  • SHA512

    0cde649113bbf387a823a3eed9a26550643b13c65be459e0fc4ef84da9f6c898a41c4c5811f6999fdb97f48dabf2b42efc35bcb15aeb043398b603bd12de0cd6

  • SSDEEP

    24576:1XjL9OupujF1OtiaahEdrgbCsNsg4BuiAsed:1XHtpujF+aYINSg4D4d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.rar"
    1⤵
    • Modifies registry class
    PID:3456
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1384-13-0x00007FFCCE8E0000-0x00007FFCCE914000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1384-12-0x00007FF6417F0000-0x00007FF6418E8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1384-21-0x00007FFCDD5F0000-0x00007FFCDD601000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-20-0x00007FFCDD610000-0x00007FFCDD62D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1384-19-0x00007FFCDD630000-0x00007FFCDD641000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-23-0x00007FFCDD080000-0x00007FFCDD0C1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1384-22-0x00007FFCCC700000-0x00007FFCCC90B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1384-18-0x00007FFCDD650000-0x00007FFCDD667000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1384-17-0x00007FFCDD800000-0x00007FFCDD811000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-16-0x00007FFCDD820000-0x00007FFCDD837000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1384-15-0x00007FFCDD840000-0x00007FFCDD858000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1384-30-0x00007FFCCA840000-0x00007FFCCA89C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1384-29-0x00007FFCDCFF0000-0x00007FFCDD001000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-24-0x00007FFCCAE00000-0x00007FFCCBEB0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1384-28-0x00007FFCDD010000-0x00007FFCDD021000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-27-0x00007FFCDD030000-0x00007FFCDD041000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1384-26-0x00007FFCDD5D0000-0x00007FFCDD5E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1384-25-0x00007FFCDD050000-0x00007FFCDD071000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1384-14-0x00007FFCCBEB0000-0x00007FFCCC166000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1384-43-0x00007FFCCAE00000-0x00007FFCCBEB0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1384-62-0x00007FFCCAE00000-0x00007FFCCBEB0000-memory.dmp

    Filesize

    16.7MB

    Download