Overview

overview

1

Static

static

Ethernet.pdf

windows7_x64

1

Ethernet.pdf

windows10_x64

1

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    21-11-2020 23:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ethernet.pdf

  • Size

    67KB

  • MD5

    de1c8b96735c77f64bb9653e2d7de622

  • SHA1

    d175c99d8fa98597f28b34869c97fe5d6ac850cb

  • SHA256

    c2847ab9568ab4aabbe936b1816e779c5624d7d3d8c4bb10e401edf3f6bba357

  • SHA512

    42d70eb5d55434707726edcde62ab6b65820d1de21e7ab6fd7c8362bb1e984d371798a5eb9ca52e4be13adfa5db91119f46222f1bd485e20118d9550c55c4de3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ethernet.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1580
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1516

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LM70GBJ8.txt
    MD5

    ef0984334501d5b843e5eb8cd8910e9a

    SHA1

    4482e2098d15b0e060760496b75ca52b33ea6dae

    SHA256

    86da67ede38a54317d6db5935cd42f840d18693b0463ca4e1bed7ab588733352

    SHA512

    e8e268430a619309e589713e61a662a6339549f5e178a66472770884bb209a9fb3e83f18c2b0bf817ca974c8fc658868a015bd8b556d328f07a054dd7c03d4d3

    Download Submit
  • memory/316-0-0x000007FEF7A50000-0x000007FEF7CCA000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/1516-1-0x0000000000000000-mapping.dmp
    Download