Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    19-10-2021 11:13

General

  • Target

    107dd74c22fc6dbb829ac57dd99bf621887cccbbd8af6c88adbe08e1e15a3755.pdf

  • Size

    166KB

  • MD5

    6b09106a8d4839ebb9555bba8aeff0c2

  • SHA1

    953ee746472e54e3a5fb3174975305afa51dc01b

  • SHA256

    107dd74c22fc6dbb829ac57dd99bf621887cccbbd8af6c88adbe08e1e15a3755

  • SHA512

    bd9f8fcb0cc2f640377bbff67bfeedc8f4e9a71e629b54e3b29a20301bbfbdaf32f0b104aed66a518647893acaacd734a951fa564c51c42a7b0a17640790a755

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\107dd74c22fc6dbb829ac57dd99bf621887cccbbd8af6c88adbe08e1e15a3755.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://infocert-dike.firstcloudit.com/download/aggiornamenti/Windows/Dike_Infocert_upgrade.msi
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:392

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    MD5

    3e1f81568a2d757ce2837fe7c4ef6532

    SHA1

    0f7f437180a4ce3d2c68942fbb759254e07a314d

    SHA256

    bfa749a0c488b16fafe60c0d69d1a6aafa3036e865a5bb39c637ee6e51170f2b

    SHA512

    92bc01d75fb2d8e22fe235562a419ca56013823fdc1636749809265df03d1c85b0063ca1bccc2c178c018c298b4715525e022b8f826e0952dc74ee46359e9a75

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat

    MD5

    54a2d5a6213f60f206bd8854991fa879

    SHA1

    6f86c9878a997fdd2aac56657742674fdfe4c831

    SHA256

    085acbabb33f99eab6cd4bd59526c73d704f03c117106239237c9a8c75b0b5b5

    SHA512

    29420e7d801881732e13deb4ac0e88bf6c80024350fc4e07cb29d6166503dfab1d9289111d6094c33285da5bb54c43379bd148f0ad5ad6fd8cf012b0e819aba1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9PG5GSRN.txt

    MD5

    2f8d8ed0f5ad58559d1ac7a181842e7d

    SHA1

    114d2bf6ad79ab18c924b54dcaa88bf89b958751

    SHA256

    a467a3ff73a56a14b7b207fef0eb663c7764256d4b57d0507b0159c2fd927336

    SHA512

    7a82c504826588dda2be2bcdfd7dd03c99290ff7e400cf4a8e90af25cd96cd9240f99ce2db289c50fed258bcf30fc6289cfb62826c67311ea08e9ff716500a82

  • memory/392-57-0x0000000000000000-mapping.dmp

  • memory/1328-55-0x0000000075821000-0x0000000075823000-memory.dmp

    Filesize

    8KB

  • memory/1500-56-0x0000000000000000-mapping.dmp