Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 25-10-2024 13:05
Static task: static1
Behavioral task: behavioral1
Sample: 232024-LEER NOTIFICACIONDEMANDA LABORAL-55214/02 LEER DEMANDA LABORAL.exe
Resource: win7-20240903-en
General
Target: 232024-LEER NOTIFICACIONDEMANDA LABORAL-55214/02 LEER DEMANDA LABORAL.exe
Size: 1.2MB
MD5: f778e9136ab0db9de9802a7043de50a7
SHA1: 850dca074534a14fdb9ada6afaceea88558764e0
SHA256: 90803a583e9f693de5e7b8a196832436f6f648b27fb82e55904c256f30cc8b3a
SHA512: cd6c5c3537f05ad5826d503e38b8e6ef2eaf668616bec15ba51ad3d81e0337a72779d7ca6af9e8ebee12d713891b30c0b73bf34718552bc9f4e7d8909b998156
SSDEEP: 24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  Description                          | PID  | Process                     | Target process
  PID 2708 set thread context of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
  Processes:
  IoC                                                                          | Process
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      | 02 LEER DEMANDA LABORAL.exe
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      | cmd.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
  PID  | Process
  2708 | 02 LEER DEMANDA LABORAL.exe
  2708 | 02 LEER DEMANDA LABORAL.exe
  2712 | cmd.exe
  2712 | cmd.exe
- Suspicious behavior: MapViewOfSection (1 IoC)
  Processes:
  PID  | Process
  2708 | 02 LEER DEMANDA LABORAL.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes:
  Description                       | PID  | Process                     | Target process
  PID 2708 wrote to memory of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
  PID 2708 wrote to memory of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
  PID 2708 wrote to memory of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
  PID 2708 wrote to memory of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
  PID 2708 wrote to memory of 2712  | 2708 | 02 LEER DEMANDA LABORAL.exe | cmd.exe
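The signatures above describe one chain: the sample spawns a bare C:\Windows\SysWOW64\cmd.exe, writes to its memory five times, replaces its thread context, and both processes then open the NLS\Language key. The script below is an added example (not part of the sandbox report or of any vendor tooling) that turns those events into a verdict. The EVENTS list is constructed by hand from the tables above; its field names are an assumed normalised schema, not the sandbox's export format, and COMMON_HOSTS is an assumed allow-list of binaries loaders typically hollow. Because the report attributes MapViewOfSection to PID 2708 without a target, it is scored as a per-injector indicator rather than as part of the pair.

```python
"""Score the cross-process activity and locale check reported above.

Added example, not part of the sandbox report. EVENTS is constructed from the
signature tables (PIDs 2708 and 2712, image names as listed); the field names
are an assumed normalised schema.
"""
from collections import defaultdict

SAMPLE = "02 LEER DEMANDA LABORAL.exe"
HOST = "cmd.exe"
NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

# Assumed allow-list: signed Windows binaries that loaders routinely start
# suspended and overwrite. Extend it from your own telemetry.
COMMON_HOSTS = {"cmd.exe", "svchost.exe", "regsvr32.exe", "msbuild.exe",
                "regasm.exe", "installutil.exe", "aspnet_compiler.exe"}

# Constructed from the report: one spawn, five writes, one section map,
# one thread-context change, two NLS\Language key opens.
EVENTS = (
    [{"api": "CreateProcess", "pid": 2708, "image": SAMPLE, "target": 2712,
      "target_image": HOST, "cmdline": r"C:\Windows\SysWOW64\cmd.exe"}]
    + [{"api": "WriteProcessMemory", "pid": 2708, "image": SAMPLE, "target": 2712}
       for _ in range(5)]
    + [{"api": "MapViewOfSection", "pid": 2708, "image": SAMPLE},
       {"api": "SetThreadContext", "pid": 2708, "image": SAMPLE, "target": 2712},
       {"api": "RegOpenKey", "pid": 2708, "image": SAMPLE, "key": NLS_LANGUAGE_KEY},
       {"api": "RegOpenKey", "pid": 2712, "image": HOST, "key": NLS_LANGUAGE_KEY}]
)


def find_injection_chains(events):
    """Group cross-process calls by (injector, target) pid pair and score them.

    Verdict "process_hollowing": injector spawned the target, the target is a
    well-known host binary started with no arguments, its memory was written
    and its thread context replaced. "injection": write plus thread-context
    evidence without the spawn/bare-host shape. "partial": only one of them.
    """
    chains = defaultdict(lambda: {"writes": 0, "set_thread_context": False})
    spawned = {}      # child pid -> (parent pid, child image, child cmdline)
    mapped = set()    # pids that called MapViewOfSection (staging a section view)
    for e in events:
        if e["api"] == "CreateProcess":
            spawned[e["target"]] = (e["pid"], e["target_image"], e["cmdline"])
        elif e["api"] == "WriteProcessMemory":
            chains[(e["pid"], e["target"])]["writes"] += 1
        elif e["api"] == "SetThreadContext":
            chains[(e["pid"], e["target"])]["set_thread_context"] = True
        elif e["api"] == "MapViewOfSection":
            mapped.add(e["pid"])

    findings = []
    for (src, dst), c in sorted(chains.items()):
        parent, image, cmdline = spawned.get(dst, (None, "?", ""))
        # A child whose command line is just the bare image path is the classic
        # hollowing shape: the loader passes no real arguments because the
        # child's code is replaced before its original entry point runs.
        bare_host = (parent == src
                     and image.lower() in COMMON_HOSTS
                     and cmdline.rstrip().rstrip('"').lower().endswith(image.lower()))
        if c["writes"] and c["set_thread_context"]:
            verdict = "process_hollowing" if bare_host else "injection"
        else:
            verdict = "partial"
        findings.append({
            "injector_pid": src, "target_pid": dst, "target_image": image,
            "writes": c["writes"], "set_thread_context": c["set_thread_context"],
            "injector_mapped_section": src in mapped, "verdict": verdict,
        })
    return findings


def find_locale_checks(events):
    """Return sorted (pid, image) pairs that opened an NLS\\Language key.

    Opening this key is benign on its own; it matters here because both the
    loader and the hollowed child do it, which fits a geo-fenced payload
    deciding whether to run.
    """
    hits = {(e["pid"], e["image"]) for e in events
            if e["api"] == "RegOpenKey"
            and e["key"].lower().endswith(r"\nls\language")}
    return sorted(hits)


if __name__ == "__main__":
    for finding in find_injection_chains(EVENTS):
        print(finding)
    print(find_locale_checks(EVENTS))
```

On the events from this report the chain 2708 → 2712 scores as process_hollowing with five writes and a section map on the injector side, and both PIDs show up in the locale check. Drop the CreateProcess record and the same pair degrades to a plain "injection" verdict, which is the right behaviour when the sandbox only captured the memory writes and not the spawn.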
Processes
1. C:\Users\Admin\AppData\Local\Temp\232024-LEER NOTIFICACIONDEMANDA LABORAL-55214\02 LEER DEMANDA LABORAL.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\232024-LEER NOTIFICACIONDEMANDA LABORAL-55214\02 LEER DEMANDA LABORAL.exe"
   PID: 2708
   - Suspicious use of SetThreadContext
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe (child of PID 2708)
      Command line: C:\Windows\SysWOW64\cmd.exe
      PID: 2712
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 777KB
  MD5: ec1ef367210e7b1991a5adbd84597d47
  SHA1: 8fe04bd2ec4915154ee4ebe006e03a8bbc6f3be8
  SHA256: ffa2872cfcac215df744c0a72f124647ce5208a091a6e274727840ae7cbaed4e
  SHA512: 73b65383e5185fd3cda6823a3d4c2bba5bd1732009b02a1b0bfde2395c494443c744c9267320a41e61ecb9b217af6beb6c36cf69255a8f16fd9e64181cff903a