{"Payload URL": "https://drive.google.com/uc?export=download&id=1ycJKs"}
Source: 00000001.00000002.505045374.0000000002A30000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1ycJKs"} |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Virustotal: Detection: 27% |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | ReversingLabs: Detection: 11% |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor | URLs: https://drive.google.com/uc?export=download&id=1ycJKs |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000000.237743772.0000000000417000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameKios2.exe vs GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Binary or memory string: OriginalFilenameKios2.exe vs GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A37233 |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A37403 |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | File created: C:\Users\user\AppData\Local\Temp\~DF2528AA0FB36E21C6.TMP |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: classification engine | Classification label: mal68.troj.winEXE@1/0@0/0 |
Source: Yara match | File source: 00000001.00000002.505045374.0000000002A30000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_004055C5 push eax; retf |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_00402ACE push ecx; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_004066FC push ebx; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A320A4 push esp; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A36288 push cs; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A350E2 push ebp; retf |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A33EF3 push ss; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A344FF push cs; retf |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A36215 push 89000002h; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A32219 push ss; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A3626F push cs; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A3225C push ss; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A321A7 push ss; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A363BB push ss; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A363E9 push ss; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A36312 push cs; iretd |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A32565 push ds; ret |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A34576 push cs; retf |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Process information set: NOOPENFILEERRORBOX |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A39850 rdtsc |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A3CC88 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A395F7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe | Code function: 1_2_02A3D33B mov eax, dword ptr fs:[00000030h] |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000002.504865617.0000000000C60000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000002.504865617.0000000000C60000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000002.504865617.0000000000C60000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000002.504865617.0000000000C60000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd, |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709213390.exe, 00000001.00000002.504865617.0000000000C60000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |