Source: 00000000.00000002.870508386.0000000002280000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?exporto"} |
Source: justificante de la transfer.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor | URLs: https://drive.google.com/uc?exporto |
Source: justificante de la transfer.exe, 00000000.00000000.345440290.0000000000445000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameCappuccino.exe vs justificante de la transfer.exe |
Source: justificante de la transfer.exe | Binary or memory string: OriginalFilenameCappuccino.exe vs justificante de la transfer.exe |
Source: justificante de la transfer.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228BB0F |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228776F |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285A00 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02287814 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02280463 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285E50 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02286051 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285854 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228628D |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285CEC |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022870C5 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022870C7 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285AD9 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022856D3 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285F26 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228AB72 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02286149 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022863AA |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285989 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228059C |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228579C |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228779F |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02285BE5 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228A9F1 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02289BC7 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228776F NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02287814 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022878F8 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228779F NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Process Stats: CPU usage > 98% |
Source: justificante de la transfer.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | File created: C:\Users\user\AppData\Local\Temp\~DFEB935E0BE46A145A.TMP |
Source: classification engine | Classification label: mal64.troj.evad.winEXE@1/1@0/0 |
Source: Yara match | File source: 00000000.00000002.870508386.0000000002280000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_00406467 push esi; iretd |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_00404E11 push eax; ret |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_00403CFC push cs; retf |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_004045D2 push cs; iretd |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_00404B97 push eax; retf |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_00404DB7 push cs; retf |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02287E7E push esi; retf |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022806B9 push eax; iretd |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02282CEB push es; ret |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022820E0 push edi; ret |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02280FDB push 83025563h; ret |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_022835DB push eax; ret |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Window / User API: threadDelayed 6236 |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Window / User API: threadDelayed 3764 |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228707C rdtsc |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Process Stats: CPU usage > 90% for more than 60s |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02286EA3 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_02289E9A mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228AB72 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228994C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\justificante de la transfer.exe | Code function: 0_2_0228BB0F RtlAddVectoredExceptionHandler, |
Source: justificante de la transfer.exe, 00000000.00000002.870177230.0000000000C50000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: justificante de la transfer.exe, 00000000.00000002.870177230.0000000000C50000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: justificante de la transfer.exe, 00000000.00000002.870177230.0000000000C50000.00000002.00020000.sdmp | Binary or memory string: &Program Manager |
Source: justificante de la transfer.exe, 00000000.00000002.870177230.0000000000C50000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |