Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    27-07-2021 18:16

General

  • Target

    i am 27,white curvybbw Unhappy.pdf

  • Size

    26KB

  • MD5

    5a26a72341a22c53d86de96a6d8912bf

  • SHA1

    031442f098f1881df191480f5f0ba713dc185c57

  • SHA256

    024dbe2e4167de82b2ca60d0a1d2b2ea12ec2bff4e44afb019887c19862864c3

  • SHA512

    d49dd2544d76d3eb790004a71619896ba419457eef3a9c86392cb81f7d5c7c43d4c607e35726ae6bef977d6c3777ac463c2fa969d637278d4df4d24e00e91e42

Score
1/10
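
The low score reflects what the sandbox saw: Reader opened the document and launched a browser to a link, nothing more. A static pass over the PDF itself is the check a triage analyst would add before trusting that verdict, because a link that fires from /OpenAction needs no click and a /Launch or /JavaScript action would change the picture entirely. The following scanner is an added example, not part of the report or the sandbox; the embedded PDF is a constructed stand-in (it reuses the report's URL but is not the submitted sample), and the name list and verdict labels are the example's own choices.

```python
import re
import zlib

# Constructed minimal PDF for this example (NOT the sample from the report).
# Object 4 is a /URI action wired to the catalog's /OpenAction, so it fires
# as soon as the document is opened, with no click. Object 5 is a link
# annotation whose action keys use PDF name hex escapes (/#55RI == /URI),
# a cheap trick that defeats a plain `grep /URI`.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /S /URI /URI (https://split.to/O5upxYb) >>\nendobj\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link"
    b" /A << /S /#55RI /#55RI (http://example.invalid/second) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Names that make a PDF do something beyond rendering text.
SUSPICIOUS_NAMES = [b"/OpenAction", b"/AA", b"/Launch", b"/JavaScript", b"/JS",
                    b"/URI", b"/SubmitForm", b"/EmbeddedFile", b"/RichMedia"]

# A PDF name token: '/' followed by regular chars or #XX hex escapes.
NAME_RE = re.compile(rb"/(?:[^\s/\[\]<>(){}%#]|#[0-9A-Fa-f]{2})+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_LIT_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")


def _unescape_names(data: bytes) -> bytes:
    """Fold /#XX hex escapes inside name tokens so /#55RI matches /URI.
    (Only name tokens are touched; a '#' inside a literal string that happens
    to look like a name is a known limitation of this byte-level approach.)"""
    def fix(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return NAME_RE.sub(fix, data)


def _inflate_streams(data: bytes) -> bytes:
    """Return the concatenated plaintext of every Flate-compressed stream.
    Objects hidden in compressed object streams are otherwise invisible to
    a byte scan. Non-Flate or corrupt streams are skipped."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass
    return b"".join(out)


def scan_pdf(data: bytes) -> dict:
    # Inflate first (on the raw bytes), then normalise names on the result:
    # unescaping must never run over compressed payloads.
    text = _unescape_names(data + _inflate_streams(data))
    counts = {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", text))
              for n in SUSPICIOUS_NAMES}
    uris = [m.group(1).decode("latin-1") for m in URI_LIT_RE.finditer(text)]
    for m in URI_HEX_RE.finditer(text):  # /URI <68747470...> hex-string form
        uris.append(bytes.fromhex(re.sub(rb"\s", b"", m.group(1)).decode()).decode("latin-1"))
    fires_on_open = counts["/OpenAction"] > 0 or counts["/AA"] > 0
    has_action = (bool(uris) or counts["/Launch"] > 0
                  or counts["/JavaScript"] > 0 or counts["/JS"] > 0)
    if fires_on_open and has_action:
        verdict = "auto-action"   # opens a URL / runs code without a click
    elif has_action:
        verdict = "click-action"  # needs user interaction (link annotation)
    else:
        verdict = "clean"
    return {"counts": counts, "uris": uris,
            "fires_on_open": fires_on_open, "verdict": verdict}


if __name__ == "__main__":
    r = scan_pdf(SAMPLE_PDF)
    print(r["verdict"], r["uris"])
```

Run it over the real sample with `scan_pdf(open(path, "rb").read())`; an "auto-action" verdict with a single /URI and no /Launch or /JavaScript is consistent with the process tree in this report, while any /Launch or JavaScript hit would warrant a closer look than a 1/10 score suggests.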

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\i am 27,white curvybbw Unhappy.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:484
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://split.to/O5upxYb
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1768
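
The tree above is the whole story of this sample: a document reader (PID 484) spawning a browser (PID 792) with a URL-shortener link on its command line, and the browser then spawning its own content process (PID 1768). That parent/child pair is the detection to write, since a PDF reader has no business launching a browser to a shortened link. The code below is an added example, not part of the report; the events are constructed to mirror this tree (PID 1000 is an assumed stand-in for the shell that started Reader, and the last event is an added benign case), and the reader, browser and shortener lists are the example's own, not a published rule.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class ProcEvent:
    """One process-creation record: the fields Sysmon event 1 or
    Windows security event 4688 give you."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events mirroring the tree in the report (not real telemetry).
EVENTS = [
    ProcEvent(484, 1000,
              r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
              r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\i am 27,white curvybbw Unhappy.pdf"'),
    ProcEvent(792, 484,
              r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" https://split.to/O5upxYb'),
    ProcEvent(1768, 792,
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:275457 /prefetch:2'),
    # Benign negative case: a browser started from the shell, not from a reader.
    ProcEvent(2000, 1000,
              r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com/'),
]

# Document handlers that should render files, not launch browsers.
READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe",
           "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Hypothetical shortener list for the example; maintain your own in production.
SHORTENERS = {"split.to", "bit.ly", "tinyurl.com", "t.co", "cutt.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
DOC_RE = re.compile(r'"([^"]+\.(?:pdf|docx?|xlsx?|pptx?|rtf))"', re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def extract_url(cmdline: str):
    m = URL_RE.search(cmdline)
    return m.group(0) if m else None


def extract_document(cmdline: str):
    m = DOC_RE.search(cmdline)
    return m.group(1) if m else None


def find_reader_to_browser(events):
    """Flag every browser whose direct parent is a document reader, and pull
    out the lure document and the URL so the analyst gets both indicators.
    Browser-to-browser children (the content process here) are not flagged."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        if basename(parent.image) in READERS and basename(e.image) in BROWSERS:
            url = extract_url(e.cmdline)
            host = urlparse(url).hostname if url else None
            hits.append({
                "parent_pid": parent.pid, "parent": basename(parent.image),
                "child_pid": e.pid, "child": basename(e.image),
                "document": extract_document(parent.cmdline),
                "url": url, "host": host,
                "shortener": host in SHORTENERS if host else False,
            })
    return hits


if __name__ == "__main__":
    for h in find_reader_to_browser(EVENTS):
        print(f"{h['parent']}({h['parent_pid']}) -> {h['child']}({h['child_pid']}) "
              f"url={h['url']} shortener={h['shortener']} doc={h['document']}")
```

The shortener flag is what separates a user clicking a vendor link in a datasheet from a lure like this one: the final destination behind split.to is not recorded in this report, so the URL itself is the pivot for the next step of the investigation.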

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 technique

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    2902de11e30dcc620b184e3bb0f0c1cb

    SHA1

    5d11d14a2558801a2688dc2d6dfad39ac294f222

    SHA256

    e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

    SHA512

    efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    9eebc24e4c142e8f20269391daea17fd

    SHA1

    a1aa0761fd8ce9db5d2a357f1490b7d1627c8f32

    SHA256

    d32dd70aa725729a325de71c123178cc8bbfdd5b1571160bd590951da23567c1

    SHA512

    a168dcc05bd8623cc1f3e1a2445589cd999579f004e6d483606397f59ac3e1cc97aab5867aa61b1b421fc16270b6b2e81a705927718d511b24bd05edac3e90bb

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sgyae4t\imagestore.dat
    MD5

    d8cfc6084082d2f063bec779afeca064

    SHA1

    31dd60827a08772ec2a271b8747b45146efde6cd

    SHA256

    f733ed0295093f9d98ba9d04a5bf3be6e5777d77c03d90e165728da665f2ed77

    SHA512

    b1ac15edfac5b52a5d047f98f91bde874f923e0ab3fe3b92f361a09ae6c447f292f20b37c3304f632685a63970f41c4b3b8e25a63e3535a9652bd0eb3c930e2b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8T39MPO1.txt
    MD5

    ba594b693ca94d6fdb947f78efe058be

    SHA1

    1d5816ee3759f7239bdd5665ffab9b57476d5f00

    SHA256

    fb0ea499fd1f63a0246c9ff017dc4de2a12ff08ce45b745c7931323d981a026d

    SHA512

    6ede792dcbb3ace6347aca2f24219648d2eff2f2b0c6cad2f0e90d5d6ccaf53911cc61ecf311ef1f40957ea23b751569c20e2ccd3bca7df462fc12f348deec48

  • memory/484-59-0x0000000075FE1000-0x0000000075FE3000-memory.dmp
    Filesize

    8KB

  • memory/792-60-0x0000000000000000-mapping.dmp
  • memory/1768-61-0x0000000000000000-mapping.dmp