Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    20-11-2020 02:29

General

  • Target

    harden.pdf

  • Size

    31KB

  • MD5

    22a79180cb5003766143cedf02192abe

  • SHA1

    e43f9ef3dd7de0a77741d09b5cfd6a5038cbd25f

  • SHA256

    5af64b0bdfb44d5ec981abd1fd1edd5b6661b41754be37db5b14977d040f1068

  • SHA512

    4243bc6b47d506c728b5e007c3f3706734d19859578c79e152dc9e5735c3db853730c1d4c8305dfa49173488d57565eadacf399f24253dd1384aa023d414fc77

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\harden.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://abuklbl.red-ton.org/4d7614aa
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1236
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1460
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:4207618 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1712
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://abuklbl.red-ton.org/4d7614aa
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:688

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1348-1-0x000007FEF7800000-0x000007FEF7A7A000-memory.dmp

    Filesize

    2.5MB