Overview

overview

6

Static

static

6

RV_ INGENI...NI.eml

windows7-x64

5

RV_ INGENI...NI.eml

windows10-2004-x64

3

Carta soli...ES.pdf

windows7-x64

3

Carta soli...ES.pdf

windows10-2004-x64

3

Certificad...24.pdf

windows7-x64

3

Certificad...24.pdf

windows10-2004-x64

3

FACUTURAS ...IRE.7z

windows7-x64

1

FACUTURAS ...IRE.7z

windows10-2004-x64

1

FACUTURAS ...53.zip

windows7-x64

4

FACUTURAS ...53.zip

windows10-2004-x64

3

FACUTURAS ...54.zip

windows7-x64

4

FACUTURAS ...54.zip

windows10-2004-x64

1

FACUTURAS ...55.zip

windows7-x64

4

FACUTURAS ...55.zip

windows10-2004-x64

1

FACUTURAS ...56.zip

windows7-x64

4

FACUTURAS ...56.zip

windows10-2004-x64

1

FACUTURAS ...14.zip

windows7-x64

4

FACUTURAS ...14.zip

windows10-2004-x64

1

FACUTURAS ...15.zip

windows7-x64

4

FACUTURAS ...15.zip

windows10-2004-x64

1

FACUTURAS ...16.zip

windows7-x64

1

FACUTURAS ...16.zip

windows10-2004-x64

1

FACUTURAS ...11.zip

windows7-x64

1

FACUTURAS ...11.zip

windows10-2004-x64

1

FACUTURAS ...30.zip

windows7-x64

1

FACUTURAS ...30.zip

windows10-2004-x64

1

FACUTURAS ...35.zip

windows7-x64

1

FACUTURAS ...35.zip

windows10-2004-x64

1

FACUTURAS ...36.zip

windows7-x64

1

FACUTURAS ...36.zip

windows10-2004-x64

1

FACUTURAS ...37.zip

windows7-x64

1

FACUTURAS ...37.zip

windows10-2004-x64

1

Resubmissions

19/11/2024, 16:46

241119-vabhkaygrk 6

19/11/2024, 16:43

241119-t8gxkatjhj 6

Analysis

  • max time kernel
    87s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RV_ INGENIERIA Y SOLUCINONES ESPECIALIZADAS SAS (ISES S.A.S.) NI.eml

  • Size

    19.9MB

  • MD5

    1323ecada3d55456f4b646139538338f

  • SHA1

    d35b93cae135c995fc3328dacf068acce428a076

  • SHA256

    24b4ab604c01ad537704980ce0e2dc8f97ef4f59e0453918eed6de272dc93ee0

  • SHA512

    57bdb5c55001bb21057000a91af5c791f4a945e16274470694e1aa9a6d2434fc228bcbe044003710cced6ab59feaead67cd9149d29d6892b9aff6b2676ecd836

  • SSDEEP

    49152:nCmXboNIzY66EgdosSkFTkGiF8txDbG4DXpdBgEGdcGosEnbiAg3EDYzWEbK61AS:Z

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\RV_ INGENIERIA Y SOLUCINONES ESPECIALIZADAS SAS (ISES S.A.S.) NI.eml"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    240KB

    MD5

    30b01145068c95a8939dbd31c8ac3f75

    SHA1

    3740b5d3e47598e870811aac9bb0e5619ddab779

    SHA256

    81f352504d37b4aff4bd9a7a3b63a122a397415e58514ec69277fd669e59525c

    SHA512

    badfb7801a25710026769ed7929eaefb64e842217b3967f9c095db9d1e9a144b15a2bd92fe99dd5b055e6186a6004729559d9bc4d5da668c689c8a361c9f1a8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • memory/392-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/392-1-0x00000000739BD000-0x00000000739C8000-memory.dmp

    Filesize

    44KB

    Download