fdebbf313b6c8bf7a2db3ef7a19425c32ce87c5874b5d62ea65e4c0dacfa175a

Analysis

max time kernel
73s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562.tar.uue.tar
Size

8.6MB
MD5

dd9d133f09ddd0a864b843313af08cab
SHA1

b09affaba79f8ddd94863340d7d43b3fae850bbb
SHA256

fdebbf313b6c8bf7a2db3ef7a19425c32ce87c5874b5d62ea65e4c0dacfa175a
SHA512

9729fb43c0bea49b84c90bee8cd227489f07916488d406a0bf71ebaccea488a1b86247da95aec9dff5faade155c0a79d51e510da7d2430cc6fc54c708ece604e
SSDEEP

98304:QzFcHtyue0g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPAHxkPsqfL:0Ity50g2H8kEHFLOyomFHKnPAHxkPd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2820	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe

Loads dropped DLL 34 IoCs

pid	Process
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
2820	00012 NotificacionElectronica.exe
2820	00012 NotificacionElectronica.exe
2820	00012 NotificacionElectronica.exe
2820	00012 NotificacionElectronica.exe
2820	00012 NotificacionElectronica.exe
2820	00012 NotificacionElectronica.exe
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1944	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2820	00012 NotificacionElectronica.exe
1944	00012 NotificacionElectronica.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1740	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	1740	7zFM.exe
Token: 35	1740	7zFM.exe
Token: SeSecurityPrivilege	1740	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1740	7zFM.exe
1740	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562.tar.uue.tar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1740

C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\00012 NotificacionElectronica.exe
"C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\00012 NotificacionElectronica.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2820

C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\00012 NotificacionElectronica.exe
"C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\00012 NotificacionElectronica.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\MSVCP100.dll

Filesize
593KB

MD5
d029339c0f59cf662094eddf8c42b2b5

SHA1
a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

SHA256
934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

SHA512
021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

Download Submit
C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\hqg

Filesize
535KB

MD5
8be1eed996c72faff144110d8b39fd25

SHA1
cddbb8864a030b8db985f589fa0eaf8417750dbd

SHA256
cfc5e02bb0c9723ade1e0eab4f267802879afb6f356e4f73137ad70864d9029d

SHA512
1f1036db916fb8a838e76e8d6d7c9d6c46f6a70cdc6dcd1fbc01b873d2a450f54bfadd5d5a978e3aeff8615b76c857d6493a785415c7a18b10652c5aba14d114

Download Submit
C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\mfc100u.dll

Filesize
5.3MB

MD5
85ed13922df97474af9979ca456c6748

SHA1
d79cdd200b6543e06d18ed67e44c7bba50de7d85

SHA256
4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49

SHA512
dcf9bb66a621d49d036f418337c2c454c3a3212c3d008c2dfe764b374ffaed1ce7ea3c6fb30f0c30a64ae3b901146fe474427e9bf4931e01e1a5cb5dcf2b5033

Download Submit
C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\ogyui

Filesize
26KB

MD5
8d5b7d9283a48f2b83081da8265c6253

SHA1
f8649706c6c958666fae1e63322afe26ecd9e05d

SHA256
5a1f8f488e151b589c8e9cb5740b060f3f33b4897ef483782cc125d13f51d436

SHA512
7dd98450d672578a6e176c4548220713a27ee95ebebf0842a287e523debc1fca0a0c42685076cae041ccc12dd0e1a8c1ac5ef9c4748eba8b890fc804102412a6

Download Submit
C:\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\sqlite3.dll

Filesize
723KB

MD5
c66a7d728dda63a285388f4bd7fd35dc

SHA1
859f3e4c140a76a12ff7fda9b384480cc4479b7e

SHA256
eda647ca391f1a46070e6ff493d6e1b6a28320ed6758f9b08bd3474519f1544c

SHA512
e58c5ca8a3275c9d5ba59f04a8c6aabdac6c8adeca162588166da52e90f7cabf5616a0ca8cb2430a6885d36e4cbb16a5d6bb8c5979d86444686f09045d958765

Download Submit
\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\00012 NotificacionElectronica.exe

Filesize
455KB

MD5
c544a0e2e173c94fa9069c73e7af6367

SHA1
1b8040c145d6cb2af6d1d9c1dc6878d51820e53b

SHA256
9d8547266c90cae7e2f5f5a81af27fb6bc6ade56a798b429cdb6588a89cec874

SHA512
f47694025fad1c67b727c9836d3663fa0f251a46e855e78e4c323beac1d82d13632e10d16e06e0d81718953ed6e06ee5e918195268ba988f3e555b432f1784a7

Download Submit
\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\GSLogging.dll

Filesize
44KB

MD5
a3b858a04592d13335a9e43804f0527a

SHA1
8f0386a0a240676b7cfdfcb2f70888a2033fc84a

SHA256
7d42e121560bc79a2375a15168ac536872399bf80de08e5cc8b3f0240cdc693a

SHA512
26baad23d4ec8c4911bf801bdcb2aa541116da60df8c9aa1c8e31bc0979c87c84e0e3a843544d6be185dded2073cfdb223ccf9a7f3c0725cd37427d39f747848

Download Submit
\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\MigrationLibrary.dll

Filesize
107KB

MD5
86d02c85056a2f0540babc63212bb1b6

SHA1
0b622c4943c8cc31cbcdbfec5324d4d7495cc94f

SHA256
ea748caf0ed2aac4008ccb9fd9761993f9583e3bc35783cfa42593e6ba3eb393

SHA512
359476a5d66e97ed21b1f0b2ea80ed6e791ab531a215b1eba8e32ca97258c471a7b74ecfc86f964f31d07e6b8cbfe16dd0b5bacce282ed801a1c59bb605e0367

Download Submit
\Users\Admin\Desktop\URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562\msvcr100.dll

Filesize
809KB

MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit