Malware analysis FacturacionNº294922342452 (1).zip Malicious activity

Add for printing

File name:	FacturacionNº294922342452 (1).zip
Full analysis:	https://app.any.run/tasks/2f4f5cad-9c2c-4ca7-be78-d49b2ef3cbb2
Verdict:	Malicious activity
Threats:	Grandoreiro is a Latin American banking trojan first observed in 2016. It targets mostly Spanish-speaking countries, such as Brazil, Spain, Mexico and Peru. This malware is operated as a Malware-as-a-Service (MaaS), which makes it easily accessible for cybercriminals. Besides, it uses advanced techniques to evade detection. Malware Trends Tracker >>>
Analysis date:	December 05, 2023, 23:35:59
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	evasion grandoreiro banker
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract
MD5:	D5DC924DD57DF2DA7BA5BE5477D2FA23
SHA1:	6F879AE088541275D7ADA8664A7CBF6E907C2F70
SHA256:	61557874CE073AB82EE72872F45D9801D34828C684EBFE71671DB10529ABD3C8
SSDEEP:	98304:O0VhF0eF9t0FO2Gr8/bh83NYz7UDxdSDXNotiIjqs0ULhYF8XuenamyCOGk4WFp9:OiptWOxHaFbNnZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Actions looks like stealing of personal data
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
- GRANDOREIRO has been detected (SURICATA)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
SUSPICIOUS
- Checks for external IP
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
- Connects to unusual port
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
INFO
- Reads CPU info
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 3028)
- Checks supported languages
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 3028)
  - wmpnscfg.exe (PID: 280)
- Reads the computer name
  - wmpnscfg.exe (PID: 280)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 3028)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
- Manual execution by a user
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
  - wmpnscfg.exe (PID: 280)
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 3028)
- Reads the machine GUID from the registry
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)
- Creates files in the program directory
  - Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe (PID: 2624)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	Deflated
ZipModifyDate:	2023:12:04 19:08:42
ZipCRC:	0x9efa2a59
ZipCompressedSize:	3471287
ZipUncompressedSize:	129636352
ZipFileName:	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

280

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

564

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FacturacionNº294922342452 (1).zip"

C:\Program Files\WinRAR\WinRAR.exe

—

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

2624

"C:\Users\admin\Desktop\Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe"

C:\Users\admin\Desktop\Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Description:

PDF Invalidable document viewer Plugon

Exit code:

Version:

6.318.7703.2

Modules

Images
c:\users\admin\desktop\factura cfdi - rfc emisor 8458 - serie y folio jyye42325507 ref-adgp1510 3164.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

3028

"C:\Users\admin\Desktop\Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe"

C:\Users\admin\Desktop\Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Description:

PDF Invalidable document viewer Plugon

Exit code:

Version:

6.318.7703.2

Modules

Images
c:\users\admin\desktop\factura cfdi - rfc emisor 8458 - serie y folio jyye42325507 ref-adgp1510 3164.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Add for printing

Total events

1 290

Read events

1 282

Write events

Delete events

Modification events


(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(564) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
564	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa564.35760\Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	208.95.112.1:80	http://ip-api.com/json	unknown	binary	292 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	208.95.112.1:80	http://ip-api.com/json	unknown	binary	292 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	208.95.112.1:80	http://ip-api.com/json	unknown	binary	292 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	208.95.112.1:80	http://ip-api.com/json	unknown	binary	292 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	208.95.112.1:80	http://ip-api.com/json	unknown	binary	292 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	—	18.231.180.195:18942	http://18.231.180.195:18942/yflMLs.xml	unknown	—	—	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	18.231.180.195:4318	http://18.231.180.195:4318/@CPG@$,GGQ)GUU$TS$@TS@)$U,),QX)TPQW,GQ@%25,W,$TXXVWXS%25C@P%25PX,,Q$QWCX@XWXQV@,WTGQCCP$QSWC$,CQC$@T)G%25SGPU%25GSPXXUV,,XU,,WSTCG%25W)CXCTUTGS$PW)@S$@SGX)X,,))G,TQPC)PQW$GUUCU,UWQGGPUX$QWVGS)WTUW))V)TQC@WWPWQW%25W,@WP)CU)@VP,PUUPCCSPVWV%25P$@PST@XPVQXC@VSP$@@GPG)G),QG$GU,$QSCPWU,XXVSV,PSPPUP%25@)XVX@VPU@%25S,QTQX@VW$XT)WVC@W,)QCCV%25%25UU$W$,@XPXQVG,Q,@CU@C%25)W),%25TU$TGXGGCU%25C@%25S@UW%25CG@UVCG,%25T)Q)@TVGQ)GPQGC@)S)GQ%25UQU@,PTU*XWU@P@CVTSWP@P$@UTW)Q@PWP@%25@$XSTUQPVQ$CT%25GU$,QTCSPCPW%25%25Q$CT)SGU@C%25$QWCSPSCGSV%25$U@$G%25)S)UTTW))WGWQT,STXXPTWTTX@)SWG%25SGU$PVS%25CUP,WSC)%25XQCCG$WUT,$X,GQ$UQXCSPX,$QW,$WX$%25SCPT@SW$UQW@T@Q%25V$T@W@%25TQQ,TQ%25C,%25XWUWVV)STU%25TQ$,GXWWCQV)@CCPCQVC)%25%25SUX)SQ$SQP%25P@)P@%25T@V,CQWP%25C)CG,CT%25SU,CWPTPC@UVXC%25CS$WUVP,VU)WQCC@CGW@X,WP$CW,)$W,@,)C)P@W$%25$V$)GUTVTGQU,CCXCTC$GVVP)PSX,GT)T,@V)XTWUP,CXUQTPUP,@$)SSW,,XQXCU@P$PTVS$VUT,%25WC%25TS,,VQX,VQUCG,*TSUT	unknown	text	790 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	18.231.180.195:4318	http://18.231.180.195:4318/PX$GS%25P@)V)%25XGQ),XQXC@V,%25WQ@$%25GXT%25XUT$TCG,XXTWUW@TGWWSWCS)P%25WWQC,$XUXSTXU$)XSG$,GQ$,GQGP$CQW@C)QVP$TQ@$)U@$TQXPS%25QVPGWG%25QQV$S$PXSU@,$T,S,X%25U$GTQ)PCQ,GWXW%25,VG,CTX))QT,XT%25%25W%25UPTWTX)SUU,PU$,XCSQXSG@%25W$%25PXQW%25SP$%25VP%25CU@V$XTP%25PUSPW)G),TSX)PS$QV%25)UT,SS$QUU,,X@XSW@XST)S$)SC,TV%25CV,@U,$TTQ%25TV%25%25Q)$SQ$PPU%25PQP@SW%25W@SP$ST%25Q$CUV,XXUGC,S$@Q,,@QSQ)$,G,,TVC%25$W,%25,XWGGW)XCGUSP$WXXPTC%25VSVP))TQ%25C%25CQ$WUP)Q@PVX)@,QW,QQQPSPG,QT,TGQC$UUX$GP@$)%25XWTTWGVSWSSV,W@GCCV)$QGQ,UXQXVQP)QGCVCQ)@W)V$CQ)S%25USUPP@PU)$SC,XWQ%25,TW)@T$VTW%25GX%25XU,@QUT,UT,)@TGQCUC$VXGWGS%25Q)P@GXVXW$,TW)%25TG%25W,GC$XUP$XU%25PT@,SG$W,CXQ$WTP@T,)T%25X@TVTUQW$WX$TCWT$)TGP@PV%25CS%25UV,WQVQVQ@QT%25TTPT,XQ%25$PSP,QQCXVC%25)W@WU%25P@@UW)X)QV,USC@U@S,%25UQP)%25QQ$PU,WUX,)X,QCCVPWPP%25$QCCP@CGS$XXUVPQ%25W%25@WQW@WSW%25VVW,$GUG)XP,%25Q,PXCSSGXTXSUPQ%25S@GQ@,CU,$,X,Q@,)XQX,WGS,PTPP$WTT%25TQ@P,QTVVPTP$PU$P@,VC$VTVTS,@WP%25)%25XQWX)GSGW,CWSS@U)@@SPUS$TWTGU,US)@Q@,$WWVW)VQG%25$)TTSP%25P@QPUUSX$TTGG@Q)%25)PXPUPPSPCVPWSX,@GC@WV%25@WW%25@VGPSTPQ,)TPT%25TGWS)UP,@SV)VWV%25TVTQW$W%25%25@Q$@WS%25WUS$SXWTC%25GTUTQ)@QPS$XSXXW)X$@USWG$,UX,),U,,%25TQWV$GTV,QT%25GPX%25PVSCU@U)%25U,$VX,V@PV$%25GP%25%25U,@TX%25STP)S@GVV$XV,@,WT$VW)PWU$,GUWCC)USUWXTWUUUC)@%25CXWUTC)VGPV)@TTTXSSX,GQS,CV,CUV%25PW$TVTWP%25TS%25PG$PXQGTVXQXVWXXXU@$WXTXVVST@%25VX%25Q$,XSTPV)ST%25SXP%25PQ@T%25%25Q@$@G)$PQCPX))GP$CG$,TQX)%25VX@CUU@GG$	unknown	text	50 b	—
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	GET	200	18.231.180.195:157	http://18.231.180.195:157/WPT))SSX$WU)*V%25P$GTV)$,TTPVPX%25%25SVSW%25@V$CQ$@TCGPWTGX@X%25UUSPUCSSV$PXPXVTGU%25@XWX@XUX%25U%25)XWUV$%25XQT)W%25,QQ$U,PPQUX,US%25GQUPVSCP,WS%25TUP$UU)@PC)GX)@XUVUTWU,P$@%25@,USC)GU,%25TVV$$XST@GSQ$)GW,@W)Q@$TUV$QXXVX$CGU,GTXXVVGVUQ)%25)U@USV@TSC@VTGTSC$%25S@@SX$CUX,CQW$)GCGVVC,UX@WX@S)@CGWVPCG,,TS%25%25TS%25$TQS,$UTGQWVSVXP)W@X,,X%25UQP),UXQU$GQU,@WCGQ@S)TQX,))V$,,TXT)TQGC)GU%25,VC$SSPG,%25QCU$WX%25GU%25QUQ@VS$CGCC$TU$)SX,UTWUQ$)V%25%25TW)X,US,VT)WSWU)VQ$@QT@V%25VUCVVSSPV)W$G%25CU)PQ@SSU,CQX%25V)UX$WXWWWQVQ@@%25)U$TU@WVC$GQS$VTWWWV$CS,PX,UWP,)GUX@PC%25VTCCG%25UQC,C$CGCV@SCCP,XWTXXGXSCC$TVVGT$XQU,PCP,S%25P%25@CS$CQ,VQ@CTG)VT%25)))VQQSW%25%25%25QT%25)QSP%25GW@)@U,%25$Q)$ST%25TVSXV%25XU$,GQQ,PX$W,),T,GUW$CXXXXU,CGS$%25TG$VWWWUC,CG,Q%25@))VV%25XTWS%25@P)UWG%25TVGPW,GV)GVS$VUQ%25TQ%25,%25VUSUWC@,CUQ,CQCPUCGSCC%25S@SVT@W)%25$VS,VV,C@X@VTW$,UQ)$U%25$TXQSU@C,CXUQWPSCVP,)QU)@V@@@GPCTVQWG%25G%25VPGQ%25@)@@)UGSV)UUXTTV@UVUTX,UTCT,GUS,,XWW@@@Q,,VXGQP%25$US,XTTSSPWP@PX)$SSC%25CVC@CG)SV$QU,CUSP$CSWVSQU$)S@TPW)%25Q$PGQ)VT,)QW,S)C%25%25TQW%25Q)CS%25CWGVTQT,UTP)CQ$CQ)GVW)%25CQ,$)WV%25GUQ$WX$TV%25VTQTU))Q%25PW@U@C)V$GQXP@QUP$,USP,UVQ%25S%25G)SCTGSXXSSCX@TWWC%25W)PV@P,%25P)PVVPXTQ,CUS$USS%25GQVCX@$%25GW)PWVSQ)XTCUC,CTTG$,,U@,,TTQT$GTTQX$PXPWWCQCTGVW,QX$TSGVGPG%25PC)TXXGSQGTSX$XW@GS%25XQVCU$ST,XWUP$XU$PQ%25UPV@,WQSS%25@V$,VSW)VC@UWVW,$CTSWWGW$WGXWX*CTSQTPQV%25$,XSXUTQVU,@GUPX	unknown	text	50 b	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2588	svchost.exe	239.255.255.250:1900	—	—	—	unknown
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	208.95.112.1:80	ip-api.com	TUT-AS	US	unknown
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	18.231.180.195:4318	delaybor.myphotos.cc	AMAZON-02	BR	unknown
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	18.231.180.195:18942	delaybor.myphotos.cc	AMAZON-02	BR	unknown
2624	Factura CFDI - RFC Emisor 8458 - Serie y Folio JYYE42325507 Ref-ADGP1510 3164.exe	18.231.180.195:157	delaybor.myphotos.cc	AMAZON-02	BR	unknown

DNS requests

Domain	IP	Reputation
ip-api.com	208.95.112.1	unknown
delaybor.myphotos.cc	18.231.180.195	unknown

Threats

PID	Process	Class	Message
—	—	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
—	—	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
—	—	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
—	—	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
—	—	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
—	—	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
—	—	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
—	—	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com
—	—	Potential Corporate Privacy Violation	AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
—	—	Device Retrieving External IP Address Detected	ET POLICY External IP Lookup ip-api.com

Add for printing

No debug info

General Info

FacturacionNº294922342452 (1).zip

D5DC924DD57DF2DA7BA5BE5477D2FA23

6F879AE088541275D7ADA8664A7CBF6E907C2F70

61557874CE073AB82EE72872F45D9801D34828C684EBFE71671DB10529ABD3C8

98304:O0VhF0eF9t0FO2Gr8/bh83NYz7UDxdSDXNotiIjqs0ULhYF8XuenamyCOGk4WFp9:OiptWOxHaFbNnZ

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Actions looks like stealing of personal data

GRANDOREIRO has been detected (SURICATA)

SUSPICIOUS

Checks for external IP

Connects to unusual port

INFO

Reads CPU info

Checks supported languages

Reads the computer name

Manual execution by a user

Reads the machine GUID from the registry

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings