Overview

overview

7

Static

static

1

Nueva carpeta.rar

windows7-x64

7

Nueva carpeta.rar

windows10-2004-x64

1

Resubmissions

31-12-2024 03:26

241231-dzfp5ssjer 7

31-12-2024 03:23

241231-dxrpmavmfy 7

31-12-2024 03:22

241231-dxckps1rgj 7

31-12-2024 03:18

241231-dt4j1s1qgj 7

Analysis

  • max time kernel
    130s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nueva carpeta.rar

  • Size

    27.1MB

  • MD5

    6e078e2e9289d78f4660f36d65c9327f

  • SHA1

    9c20e120ea4e2c3cd19df50cee05b839c42e547a

  • SHA256

    48fe545d10166c4aea48252deab4a043abd56b758aed8439a5f1479d18ae6944

  • SHA512

    b6f8550d7064519dd7487bade6fb7f9ea68e0c6786e17a74c285553327c18ab6663a069b692890747e99e29fb952c70e8ff3ea13c491d8747d5dbb1e26f60f3f

  • SSDEEP

    786432:GLcIo8H4RQLIQxYF6Zbq0QSNrjM0qzcFrS0Q4puKS5nWhh:j8YRQLfxYF8e0QSNkN6FQ4AKrhh

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Network Service Discovery 1 TTPs 2 IoCs

    Attempt to gather information on host's network.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Nueva carpeta.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2420
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1552
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1520
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nueva carpeta.rar
        1⤵
        • Modifies registry class
        PID:1460
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nueva carpeta.rar
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2448
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Nueva carpeta\" -spe -an -ai#7zMap8371:106:7zEvent27534
        1⤵
        • Network Service Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2864
      • C:\Users\Admin\AppData\Local\Temp\Nueva carpeta\python-3.13.1-amd64.exe
        "C:\Users\Admin\AppData\Local\Temp\Nueva carpeta\python-3.13.1-amd64.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1404
        • C:\Windows\Temp\{4BED9372-6741-4AFC-BF5D-DD6C9987E4E7}\.cr\python-3.13.1-amd64.exe
          "C:\Windows\Temp\{4BED9372-6741-4AFC-BF5D-DD6C9987E4E7}\.cr\python-3.13.1-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Nueva carpeta\python-3.13.1-amd64.exe" -burn.filehandle.attached=292 -burn.filehandle.self=296
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Network Service Discovery
          • System Location Discovery: System Language Discovery
          PID:1324

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Nueva carpeta\python-3.13.1-amd64.exe
        Filesize

        27.4MB

        MD5

        90176c0cfa29327ab08c6083dcdcc210

        SHA1

        cc0bcf37414be313526d63ef708fc85da3b693b1

        SHA256

        6b33fa9a439a86f553f9f60e538ccabc857d2f308bc77c477c04a46552ade81f

        SHA512

        5940aae44386f3622dee3f32e6a98073851a9f646da6bf3e04f050b9a9239e0ddf50b26e5e125154edc5bbebce7353d273950f1111e4ca5f2b4e2e4a7ac7cf92

        Download Submit

      • C:\Windows\Temp\{4BED9372-6741-4AFC-BF5D-DD6C9987E4E7}\.cr\python-3.13.1-amd64.exe
        Filesize

        878KB

        MD5

        9bc2cfce73fe043e69c909fb1546dbbf

        SHA1

        8ee81917775b4bd60ea0592b2203d2219dc98cfa

        SHA256

        ba89d23a7c937c05feba316a927773faaf7becfb2279d9edac6cc11e31205e29

        SHA512

        4243b3923b998b21ed386750b179bf29bda164d6154e2f5cd744b361963c4e1025ed3d6d557f1cad672818a909cc8a5036cf14ccf4f5bdd1284db24156ad58e7

        Download Submit

      • C:\Windows\Temp\{EF4FE08B-747B-4A49-AA6A-57D75D94088B}\.ba\SideBar.png
        Filesize

        50KB

        MD5

        888eb713a0095756252058c9727e088a

        SHA1

        c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

        SHA256

        79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

        SHA512

        7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

        Download Submit

      • \Windows\Temp\{EF4FE08B-747B-4A49-AA6A-57D75D94088B}\.ba\PythonBA.dll
        Filesize

        692KB

        MD5

        e8cd5641cae8ae7e9f98b8a3b7096808

        SHA1

        dd587894cad3122c1719def17f8377bb2bbbc05e

        SHA256

        898474ad4074571813416e58667a3b8a233e12e656579726c178ec71f794b268

        SHA512

        53034732df45527389362c2cc53d3ba0390bc4c1a7700b7d61d774d1eecdfed43381311c63b38861215813a674eb3fe865821cb352606522987fb2cfed2856e1

        Download Submit

      • memory/2448-1-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

        Filesize

        64KB

        Download