Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20241023-es
- resource tags: arch:x64, arch:x86, image:win7-20241023-es, locale:es-es, os:windows7-x64, system:windows
- submitted: 10-01-2025 06:03
Static task: static1
Behavioral task: behavioral1
  Sample: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
  Resource: win7-20241023-es
Behavioral task: behavioral2
  Sample: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
  Resource: win10v2004-20241007-es
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/LangDLL.dll
  Resource: win7-20240903-es
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/LangDLL.dll
  Resource: win10v2004-20241007-es
Behavioral task: behavioral5
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240903-es
Behavioral task: behavioral6
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20241007-es
General
- Target: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
- Size: 521KB
- MD5: 4f2c796aebd02a54ca9bebb0c5bc5ef0
- SHA1: 558e2f3de9077aaf9159c4fb1633d66c75b14dda
- SHA256: c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692
- SHA512: 8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7
- SSDEEP: 12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5
Malware Config
Signatures
- Loads dropped DLL (6 IoCs)
  pid   Process
  2808  FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
  (the report lists this row six times, once per loaded DLL)
- Drops file in Program Files directory (1 IoC)
  description                   ioc                                            Process
  File opened for modification  C:\Program Files (x86)\Citrate\undertune.mad   FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3052  2808        WerFault.exe  29
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                           Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process                                       procid_target
  PID 2808 wrote to memory of 3052    2808  FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe   30
  (the report lists this row four times)
Processes
- "C:\Users\Admin\AppData\Local\Temp\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe" (level 1)
  PID: 2808
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 524 (level 2, child of PID 2808)
    PID: 3052
    - Program crash
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 12KB
  MD5: 637e1fa13012a78922b6e98efc0b12e2
  SHA1: 8012d44e42cd6d813ea63d5ccbf190fe72e3c778
  SHA256: 703e17d30a91775f8ddc2648b537fc846fad6415589a503a4529c36f60a17439
  SHA512: 932ed6a52e89c4fa587a7c0c3903d69cf89a32dbd46ed8dcb251abb6c15192d92b1f624c31f0e4bd3e9bf95fc1a55fdb7cee9dd668e1b4f22ddb95786c063e96
- Filesize: 5KB
  MD5: e459f344b4a47af2cf15d821f3946724
  SHA1: 5df805fcf0a857b98cecca139b2ea99979c8f01e
  SHA256: f4778b8aca1eb5d93d267468589b4bf45b827a50300eb552d796e9dc22ade419
  SHA512: 5b8285a166404c73869d5aaa25c5af3544ab4a2f012c5ea1e12b04a1d6fa3d32b4a6857e9fd29dd3c86dd5dc8111e3e86de11bdb5496c1c527ff1bc91bd791bb