Analysis
max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags
arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted
23-10-2024 20:09
Static task
static1
Behavioral task
behavioral1
Sample
justificante de pago.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
justificante de pago.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Fyldiges.ps1
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Fyldiges.ps1
Resource
win10v2004-20241007-en
General
-
Target
Fyldiges.ps1
-
Size
53KB
-
MD5
dbe1380eb686fc84a3cd87ee84077382
-
SHA1
66a6b15521a3affc3d9b893554475078f41224a0
-
SHA256
b05d49191a62ec38497b0ae6378c984ac2013d6fec29b62d94299d88f5d5d279
-
SHA512
84987e2a263284df3d365caed6b549c93f23ad0982ffa7b8acfd21562c68ad1a2b198a47b2877e6ef4c4d679fe710cefa2df0de37a303a64838ac1b796d9335c
-
SSDEEP
1536:S5OtREySF0zWeeIsGsnhPqsw7XKIVoR9Fj:S5OtREyxWegnhPq3s9Z
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid process
2072 powershell.exe
2072 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description pid process
Token: SeDebugPrivilege 2072 powershell.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description pid process target process
PID 2072 wrote to memory of 2816 2072 powershell.exe wermgr.exe
PID 2072 wrote to memory of 2816 2072 powershell.exe wermgr.exe
PID 2072 wrote to memory of 2816 2072 powershell.exe wermgr.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fyldiges.ps1
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2072
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "2072" "912"
PID:2816
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5
55e4fb3a741b9fdeaa5502d63b79b24c
SHA1
f289f7045d4b85c9fe83c61b303c43a7647a5069
SHA256
3352667c0ede531f6d6ab77547a974401cc1a8aa8acbbb5efd7a44dc265bdb45
SHA512
0e20a0695ffd7219365feef11737dc89f4791784d06347f656df7c0efecb11f382d743e0530e0360f4f9fda34e26b994bf42aa18946e3044bbafdddbb0836f04