bd78281db9ac530698843738a7d58ec552effaf67d872a2680aa2d1ffbf51812 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 08:09

Sharing

Report Analysis Logs

General

Target

Listado Facturas.exe
Size

6KB
MD5

742079be072c5dc399608789694170d7
SHA1

516b4f2a968cfbf8f5b8ccc1628ef9503b72d6f4
SHA256

c060dd4aacd412f34349d8e246be541a3454f4af199a55eb6ceb92b5c2d21b97
SHA512

322601fa5267e9de1e080be1cbfbfb5359159a02e385a8cd4d5d476e2494c16380eea667329ee95da84dcf959bb95ec68ce3f657e1e5eeb4a0a68c74b2375179
SSDEEP

96:8878k+v/IRAsqj3tA7shArR5QjvfyEzNt:8Bb/+63W7SAD+vfyu

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2380	Listado Facturas.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 3068	2380	Listado Facturas.exe	31
PID 2380 wrote to memory of 3068	2380	Listado Facturas.exe	31
PID 2380 wrote to memory of 3068	2380	Listado Facturas.exe	31

C:\Users\Admin\AppData\Local\Temp\Listado Facturas.exe
"C:\Users\Admin\AppData\Local\Temp\Listado Facturas.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2380 -s 1136
  2⤵
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-0-0x000007FEF53A3000-0x000007FEF53A4000-memory.dmp

Filesize
4KB

Download
memory/2380-1-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/2380-2-0x000007FEF53A0000-0x000007FEF5D8C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-3-0x000007FEF53A0000-0x000007FEF5D8C000-memory.dmp

Filesize
9.9MB

Download