Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-es
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-es, locale:es-es, os:windows7-x64, system, windows
  • submitted
    10-01-2025 06:03

General

  • Target

    FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe

  • Size

    521KB

  • MD5

    4f2c796aebd02a54ca9bebb0c5bc5ef0

  • SHA1

    558e2f3de9077aaf9159c4fb1633d66c75b14dda

  • SHA256

    c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692

  • SHA512

    8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7

  • SSDEEP

    12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
    "C:\Users\Admin\AppData\Local\Temp\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 524
      2⤵
      • Program crash
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6E3E.tmp\System.dll

    Filesize

    12KB

    MD5

    637e1fa13012a78922b6e98efc0b12e2

    SHA1

    8012d44e42cd6d813ea63d5ccbf190fe72e3c778

    SHA256

    703e17d30a91775f8ddc2648b537fc846fad6415589a503a4529c36f60a17439

    SHA512

    932ed6a52e89c4fa587a7c0c3903d69cf89a32dbd46ed8dcb251abb6c15192d92b1f624c31f0e4bd3e9bf95fc1a55fdb7cee9dd668e1b4f22ddb95786c063e96

  • \Users\Admin\AppData\Local\Temp\nsd6E3E.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    e459f344b4a47af2cf15d821f3946724

    SHA1

    5df805fcf0a857b98cecca139b2ea99979c8f01e

    SHA256

    f4778b8aca1eb5d93d267468589b4bf45b827a50300eb552d796e9dc22ade419

    SHA512

    5b8285a166404c73869d5aaa25c5af3544ab4a2f012c5ea1e12b04a1d6fa3d32b4a6857e9fd29dd3c86dd5dc8111e3e86de11bdb5496c1c527ff1bc91bd791bb

  • memory/2808-30-0x0000000004630000-0x00000000051C8000-memory.dmp

    Filesize

    11.6MB

  • memory/2808-31-0x0000000004630000-0x00000000051C8000-memory.dmp

    Filesize

    11.6MB
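The report lists the sample and the two DLLs it drops by hash, the ns####.tmp staging directory they were written to, and two memory dumps named by PID and address range. As an added example, not part of the sandbox report, the Python script below turns those details into checks a responder can run on a host: it hashes files under a directory against the report's SHA256 values, flags DLLs staged under an ns<letter><hex>.tmp directory (the temp-directory layout that NSIS-built installers use for their plugins; the report itself does not name the installer framework, so that generalization is an assumption), and parses the memory-dump file names to recover PID and region size, which reproduces the 11.6MB figure shown above. The hash values are copied from the report; the directory to scan is a command-line argument.

```python
import hashlib
import re
from pathlib import Path

# SHA256 values copied from the report: the submitted sample and the two DLLs
# it drops into the ns####.tmp directory under %TEMP%.
IOC_SHA256 = {
    "c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692":
        "FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",
    "703e17d30a91775f8ddc2648b537fc846fad6415589a503a4529c36f60a17439":
        "nsd6E3E.tmp\\System.dll",
    "f4778b8aca1eb5d93d267468589b4bf45b827a50300eb552d796e9dc22ade419":
        "nsd6E3E.tmp\\LangDLL.dll",
}

# Dropped-DLL path shape seen in the report: ...\ns<letter><1-4 hex>.tmp\<name>.dll
# (assumption: generalized from the single nsd6E3E.tmp directory in the report,
# matching the GetTempFileName-style names NSIS installers create for plugins).
NSIS_PLUGIN_RE = re.compile(
    r"[\\/]ns[a-z][0-9a-f]{1,4}\.tmp[\\/][^\\/]+\.dll$", re.IGNORECASE
)

# Memory-dump naming used by the report: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20) -> str:
    """Stream a file through SHA256 so large files do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def match_hash(hexdigest, iocs=IOC_SHA256):
    """Return the report's label for a known-bad SHA256 (case-insensitive), or None."""
    return iocs.get(hexdigest.lower())


def is_nsis_plugin_drop(path) -> bool:
    """True when a DLL sits directly under an ns<letter><hex>.tmp directory."""
    return NSIS_PLUGIN_RE.search(str(path)) is not None


def parse_memdump_name(name):
    """Split a report memory-dump name into PID, sequence number and address range."""
    m = MEMDUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a report memory-dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_mib(size: int) -> str:
    """Format bytes the way the report does (MiB, one decimal, 'MB' suffix)."""
    return f"{size / (1 << 20):.1f}MB"


def scan_directory(root, iocs=IOC_SHA256):
    """Walk a directory; report hash matches and DLLs staged in ns####.tmp directories."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        label = match_hash(sha256_file(p), iocs)
        if label:
            hits.append((str(p), f"hash match: {label}"))
        elif is_nsis_plugin_drop(p):
            hits.append((str(p), "DLL staged under an ns####.tmp directory (review)"))
    return hits


if __name__ == "__main__":
    import sys
    dmp = "memory/2808-30-0x0000000004630000-0x00000000051C8000-memory.dmp"
    info = parse_memdump_name(dmp)
    print(dmp, "-> PID", info["pid"], "region", human_mib(info["size"]))
    for path, why in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, why)
```

Run it with the directory to sweep as the first argument (for this sample, the user's %TEMP% is the place to start, since both the sample and the ns####.tmp directory live there). A hash match is a definite hit; the ns####.tmp match is only a review prompt, because legitimate NSIS installers stage plugins the same way.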