Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 13:32

General

  • Target

    PEDIDO PV0155511.exe

  • Size

    806KB

  • MD5

    2a5ad62b4cf94952164467b22c0064a5

  • SHA1

    8cb2cee66a55b620969a1093b5f8590a6a4cc7ca

  • SHA256

    358474ad2351f5a3b12e63af3097541879a12f45a395be698b45107ae295b1e1

  • SHA512

    4ff9d3c2e835c468b8e5fa225ecb01c77df6e68469feb2ef2cb22b17edeec8f81882c8bcadb75345aa4f5360af668c4649aa0469534d5416c856542ad3a9b104

  • SSDEEP

    24576:7RY7ECknlgbxch0oIKF6ReKabril9OLxKn:7ReECMlgbBPKHKkrilk

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
    "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
      "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
      2⤵
        PID:2660
      • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
        "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
        2⤵
          PID:2948
        • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
          "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
          2⤵
            PID:2804
          • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
            "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
            2⤵
              PID:2772
            • C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe
              "C:\Users\Admin\AppData\Local\Temp\PEDIDO PV0155511.exe"
              2⤵
                PID:2692

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2872-0-0x0000000074DCE000-0x0000000074DCF000-memory.dmp

              Filesize

              4KB

            • memory/2872-1-0x0000000000340000-0x000000000040E000-memory.dmp

              Filesize

              824KB

            • memory/2872-2-0x0000000074DC0000-0x00000000754AE000-memory.dmp

              Filesize

              6.9MB

            • memory/2872-3-0x0000000074DCE000-0x0000000074DCF000-memory.dmp

              Filesize

              4KB

            • memory/2872-4-0x0000000074DC0000-0x00000000754AE000-memory.dmp

              Filesize

              6.9MB

            • memory/2872-5-0x0000000000300000-0x0000000000312000-memory.dmp

              Filesize

              72KB

            • memory/2872-6-0x0000000074DC0000-0x00000000754AE000-memory.dmp

              Filesize

              6.9MB

            • memory/2872-7-0x0000000005F30000-0x0000000005FD8000-memory.dmp

              Filesize

              672KB

            • memory/2872-8-0x0000000074DC0000-0x00000000754AE000-memory.dmp

              Filesize

              6.9MB