Overview

overview

3

Static

static

3

ItineraryK...CT.pdf

windows7_x64

1

ItineraryK...CT.pdf

windows10_x64

1

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    25-10-2021 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ItineraryKOVJNV_23OCT.pdf

  • Size

    97KB

  • MD5

    6618a4ea410a64cfec3af5c67efc7b6e

  • SHA1

    7ec0ff44b6f3fb74f7be1585913fc57c3c86857d

  • SHA256

    7168cace81880c95dbdd931b2cc7a9e40bf4b5b23953af0798ab39159fb7e357

  • SHA512

    6cf0a0caa7b1edeca9288b5f4266e63cc4bacbffec71a130ecc1bd5b90a48a3ccb2ae02bc197038314eecef878d3c1fcce1bd799a2501dec1489b50a296a9bed

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ItineraryKOVJNV_23OCT.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.united.com/travel/checkin/start.aspx?LangCode=en-US
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1516
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:1127427 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:968

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    MD5

    6efeca4f5c4282f124c08f9d521df8ab

    SHA1

    ee4ec9513c4b3dd45f9b208dd2983656140ddd4a

    SHA256

    2d62de456712c5a98a8e758613d4b90931675456b7da75abb448ba88821fac2b

    SHA512

    09939fc715a2508b3f0ffa1e2de6a97b51f8190f512ce421598dec976c5d026fe3c4fd0aae2b2819ca16ffb69d32856de149d4ebbf59402100f4ed0fceb9e654

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
    MD5

    a27edcc76d07f0f7f26bc6e6eed24da5

    SHA1

    75cf2b33f7c64604edabf90144c2c34470b203b6

    SHA256

    d8157f0c749f92adb26518d57a3837e96fb94bcf12270a4e06787b143739e98a

    SHA512

    16d75d1c018c4470ff8cda1ddac4d6ab8f9537fadfd09ac7f1f5798de955bc2daafd1db665134c21a3c559fd522b67d06ba9590788da712d0f3ad78cb4ec4d22

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    MD5

    fc8a59b29017800604e2c7b61186cfa6

    SHA1

    a18b6e9eb1a0050ba6b841cb2b67fdd7ea3af1b0

    SHA256

    46c78900125f99fd49370aa8c31c3499376edb3307bf8e132098500276303e4b

    SHA512

    245dd299ec6a5e6afa2583484afa80dbe28433ecdb702d8939c17bb439f788d1d147432d19ae3a1a5b49970fc450a9e159c3a309f35c38f420240cdb3c292d88

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    3ecafb17f8d7db496912a76e0d7ee9ae

    SHA1

    da9e73b7adeb69465bb40a9cfef5b74aabd8396d

    SHA256

    e73fa442724ca788d678521d1fe377da84541e3fe0bf679333a5de571cafb7cd

    SHA512

    b15a962f6b274a9a08ec378c2d3020429d449dcbc45706c1ffdf611eb96d390f1fa219a8a022182c5412f1e54886a7d16ae2c581817e94b207a7a0692cf317b1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
    MD5

    8107ca368fddd92c0eab0823bbe707bb

    SHA1

    c958b7f660ca36e8f26f6a30a5a7446168f53600

    SHA256

    8b933777c96ad749b6de963e510bbbe19c4aa7cc4107e0ca7784e0ce9a2e179c

    SHA512

    cd1e3203d291e87bc274c499cb40f8f8097f12f9ab8cf774825816adf17472285e8728ce8aa85f7b4ecd4c4d6292b25963d14f46c64e073c1b66c458025573fb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SV1P5CQY\www.united[1].xml
    MD5

    1b3968215d655bf75a879a6b67b6ac8e

    SHA1

    766abf43f6023c063b8b090e2c7b95af82dcd4ca

    SHA256

    b2c1cf5dbe6f55f352c2278185e545a28e9bc7a84b4e4ae2dad04f96622c88b0

    SHA512

    07e6a2753c587ae3c8f38c03c467edf20838bb8bd39e99dac40eb7b35a48397f408162910de9ec7637d91cd128681b8cd1aef134bc04bb39d517bc9e724326f2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat
    MD5

    613c292353b5a5ff27cd00155f9f09dd

    SHA1

    28c02e4fe2156e6592f4d7e43ee182222242af38

    SHA256

    a286f1bacde72f424ae159af7cbfc594347eada49f7628321080dea9f2d7bc2a

    SHA512

    8ad065c81b7399d81abe37041139f03f16b4d7ea4f3d9bb8725d305d222760b98701e301bddde0d68cf4a30a90fe2213c5baafa75e2bebe641b6d38329d1dac3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat
    MD5

    332152cad4cefde3daa7db2743c2db69

    SHA1

    dbbc6b3f6f2132e30da3d59ea6b6653865406c6f

    SHA256

    6e4ecef15527d4bdc5017223a5a342168e91a6695465c4c8ccdb4bcf3354ed8a

    SHA512

    c3b30f82df7af5b89380e37e531a48d95ff18c0958a69fa5e7ca7035fe034989d4820418bdaca170c96d63de2bd1475e124847cafc20def051d4931b088310ef

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC94CCU5\AQZRX-VXQB5-F7UMP-G9UYD-LGHKM[1].js
    MD5

    fa4c76a7fde62b18054cf7eb8e946012

    SHA1

    b20150066a879d2b78dd3d4908f4acd148ee66f8

    SHA256

    09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

    SHA512

    d72f5d078675c7adbf6bfc1980712542a10668aec9163137a2ec70a5e117f8ffdd0f06a6c4c6636e35c04f2754f33d40c65c59d452afaa8ea4a382f24f200abd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWR70CEF\favicon[2].ico
    MD5

    fdb20d0f75316c4be1097cd3e43c31a2

    SHA1

    75e118ad6ccbc7d84fe39977dab6e1599d90d2c1

    SHA256

    a7d411bece4f4087294a78958aa45f2149968930c3fef9fbcbb7a7b83e1a5c45

    SHA512

    39707612ffdbc699026bf9f9ff6d308f1742aa25f1f9109296f515ed12f828adb41a92ae3e5b1bd7eb7e3ea057085abb961ad4a8a1b50993ba65d5da81870646

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHI8KPQK\XhwB[1].js
    MD5

    12ec40b9c7b68d0db01b9e82c8324067

    SHA1

    4e06104f2e5da042ec8a51296da60ac936a99a4a

    SHA256

    7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821

    SHA512

    87b96caf275b0e0641c79a6acf939d1721236872d66f1c3f0b011f1bdcb928b7bafc089c4a9338ee517d100ccec433ebcf27b9db3cf3837401a95c6338996059

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1LF2SX3M.txt
    MD5

    3aaccd928d848ec06a0924db32c85183

    SHA1

    3c2f7668af54cc97845fd86f6b28897bdf2f843e

    SHA256

    8d100aaf27c02d940c7922e3e0551d61cee7d10508d2d2e44a4187b5794a7ddc

    SHA512

    6e74629c17734e16410ebf7e48feced8eb10ca56a838106818d5ddcd848688cb7b618634dde98925db269c2c0d10fabda5ebf4bc1ea677ab9c8ee274837b3c0c

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3L9TAMGT.txt
    MD5

    10c0db943190de8ca22e848a5136d128

    SHA1

    de4326c5db3b6011580e1090dfe61453119cf197

    SHA256

    a6afa4c96724eec3995c088bd9a1cebf67fcb86ec80556f2c2ae783a8ef8816c

    SHA512

    e9bbcb00259ee9a8e4556df5a3f94bea5321dd5119383348874214f0109fc1e28f217b9cbbf4763d62aab4b16f6072fc693e0cc2ebf72029874e64b6f9f72663

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5Q7OZHBW.txt
    MD5

    c2ef47289d10d6eef86e66bd64f983db

    SHA1

    84fb24816ba8ff7ba150384a92d9d5d30cdcdb62

    SHA256

    3462f9190c6e518f1423ddfcac09ba5a8eebc7cfdbf8939f4354fb5348675366

    SHA512

    3afc00553628660ef93be36bba9afe3eaf40497a1356aa8ca50ba926ab78dfae3e39f89648c1acb5c33a2cdd67ddfb2c36673fe54a929906daaef934de4e525f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6EX41ZPP.txt
    MD5

    fe51e67dd32be8939bea252d9ea40842

    SHA1

    340dd516a5803204a682ae3dc9db8326799cc905

    SHA256

    bed50436796b6b6afd7c8c74946a9f56bdef6d2efad1de5e9274170ddbbfebec

    SHA512

    d6edd8a266a149ed35de97a3d7519492becb3ac8f3ce734c0fd478322776d43df4923cd9a30b54c68fb036e0adce9e97f7974a5b9426c75e368c2e16f11d204e

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B4ZWFD6P.txt
    MD5

    fa721068e1d5a7eb6153e504b95dfc4c

    SHA1

    a439465adfee1a1b04d59af46a2931bc33369552

    SHA256

    0a97277ecdd8ca6007d02711e5cedda8f48146e217837a5638204f3d1f110ada

    SHA512

    5870e57fbdfda45081c3c838071ba81189161302e1c6dbc0cd0041a78a69f092a6d9bb659c94f869a1c6a9bcbe2b98d8598933ca3aa2ff82e251d797da956b32

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BZTFACRI.txt
    MD5

    2f3479ade0607f46f8e66affee5b2e2e

    SHA1

    d3372340815c9155338f74e0ef0344bb61460963

    SHA256

    9e7855b3ef4c6532d6e607339ac7f2cb6c973db653865f7c3d1224ab260a72c7

    SHA512

    70b21999b197eacb55a9f7027df0848b2517deb025d5b158e01ea94155f9c6b5837da7677d1d3e9f4810e80e09a0eeec4e5aefa976fbda67620ab321c44457f3

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CYC1UXU1.txt
    MD5

    9299bc53dd32dcf7ec1ee3eeccd89cf7

    SHA1

    db55d39aa23b67449a188eb6f4d6bb6392e1aca6

    SHA256

    3ea2ec3db3e6a56056a4d677f6cd504fb6df2de6cafbef73fa5a894fea898166

    SHA512

    26ca0f41cec6eb2c28c862f85032fe35e0b6d927e55ba0eec82706eded42e7243b8d1bbb5a761c67bf071dfae0eddea53845c7138684ce241eb32d6a10a5d60f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IAKH4MRP.txt
    MD5

    e766c5780f0e6be70ae42bd99dab96b8

    SHA1

    09ae770e9d1ae267caf39406e151ad340187163d

    SHA256

    f4245b5e3e4964d0c3cbd51fbc74abce037e30ba9693d6ca9fda0c14d4c3dd7f

    SHA512

    df1f7d71021a08030ea0309f17aadd9204fba85e282a53d06850866184001ed0db81766f06a7b4458a4cfff034562a86eaa1e0ccaf94f90c0fea31abe128c2fd

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JDABX7LI.txt
    MD5

    cd246d9e3ea1889b92d07f8dfcaf1115

    SHA1

    501f376ddf79b7535ea6b1b128a9950b3db4932c

    SHA256

    0af008dec30ecece7921ea4e69bd69404dfc92d27a65efcb8aff56753d5bd598

    SHA512

    a8610d1a487a9511e836b3cf84c678f52f5e8bb4e3099ff64f7a2fe46f0d9d814743dbd03297f84f893772eba2a487edde7d19d38b81ab22980a3de53cedc7d1

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MD8P1OS2.txt
    MD5

    c01190f2c9c9a955422b64a190b4604d

    SHA1

    61e1a8a0b52a4a6008124d686dad66ad5650644f

    SHA256

    3098d77b990d6089c78e6dad7315b8f2ce706c9869de42bf1c9ae382d09b2e92

    SHA512

    b23229c5c93e0eff3acdd8d4d0d347d5806bf5149bbc799f47c135ba02774ab7802fb7148e60ce761e2a8fe28f124d2f65ec6a806d1037628537fa8e7ad6a50c

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O7I7CRPD.txt
    MD5

    0e7b56a40d37be525e575403aab6ad40

    SHA1

    e450ee0772608cee8e47d7831a0d3719b136c6e0

    SHA256

    142672e3281f7ad0b1701e6283e39af47e84087c7a652fa0a65795e1c2dc2163

    SHA512

    26b047b367e11150f2c500735a4c255e6028b56dbf5a896e9bd0c51df6333caf76808a9105f9344ef4a3837e94793c2347e62e16aa3d9b260dd9cd0e1aac92fc

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OL7JL2GU.txt
    MD5

    ae6aa990d30191d35c5aff0e9a272991

    SHA1

    63bc04a49753675dd919dabf64519992cdc9a39d

    SHA256

    48ac71407f63ed55759606002e8558c563a4e86649c54c284f8eb515e99c0492

    SHA512

    e8fcaefecece1e52391e8e0c0fac5eea78f1f0a769b58ccb63dfba29ae6f4ebced83b312e0863deb4dd9517d0f834ff8c280f85d27e057cf6c59e96c0080ef40

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QHY1UK81.txt
    MD5

    b67106acb0f4b18e5dc0981f6d0c00dd

    SHA1

    46173eb1e75ae809191d6e1c9280a7d0377db2c7

    SHA256

    6f377add0664d9fb4069e34820ba7de678704aed1ec4910b663af646e05b7173

    SHA512

    939b2db323cbd74da0ce612e740d3e807eb5c380525d7eab0aadbc461f74148cb80f1c1487efac9082d734b239036fbdd736a8447663c4229eac2f17a6fdf86e

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UY5K1W3O.txt
    MD5

    c50e2a8c099c3973738a3b12d4dfa4bd

    SHA1

    bafbf453f7fe02784c52a5fa4e6e3f225955da0b

    SHA256

    4d73f57196110942f4f05ac52269255aad6588a3c6872b7a66c0b6ba15325476

    SHA512

    4a09c16d3da9b5d22f2f94b644998aa6481cc375c71c2f1d334a5ce89972802a4e55e94c235f8373e5285d39a20b0cf024c05c94241c7672927f1dc8db3c2b8b

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V3V23N8T.txt
    MD5

    a5edda1b0e4e5dcfbe88da367f4344d9

    SHA1

    4c468f9309370d4f1e1847e894f7bf18d9ad6122

    SHA256

    380470f994abcf5e702095fc08eb7cc87f6edbd82359037cc729e76369bc05ee

    SHA512

    e6ed65548276342d12ac491515146e0f2905c307bc30cc0a8a553cda024cf3786dbf5b21f0667b90cfa55296addae594b67adca974b10bc245ea054b86f760a5

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VQYFME7I.txt
    MD5

    c9ee086b7ad36ad741c1d68cb5180b9e

    SHA1

    c36ec905260e91d5bbf3158153f4bbbaeb6db5bd

    SHA256

    a7993ae3fb8d5f7be28733f3ea64a8aa8f64e7406f4b76856825cdc5e95391cd

    SHA512

    eab4c9057aea1cdfb18f1e4fac100b4f1cda6aad56cc96077eb84a2d07207a0fac47388f61d3172234e6e3f34ba0e83803aa7fa6f63ac32525b31dde1cc29e2a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WAXIXOMD.txt
    MD5

    3af00e78ff9b6a2e49285db9e0064705

    SHA1

    d73b647dd1912828795603e7fdb039d34fc18598

    SHA256

    d453149b814ba2202ac99dc18dd63ffaf731cf6a73a10fb752d9f2f128c15ec4

    SHA512

    e411011186066ae82dd3a5dce351676577929806784574b15e89aac9b1cef0080448872cb6c77b309a335dc1b4ee0cdecfd54d962720582b015a7c7a72146616

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XLFOH0C9.txt
    MD5

    de4de08f69f519d7e320886001e86a3c

    SHA1

    d3e57517380e420c1ab27a1826cb19fd8a50dc9a

    SHA256

    f4f4f671eaf90bd09367a5fc088f809af81977af2fd2454a4b602fdd02e0ea5c

    SHA512

    f1620323111aa73c3c952a0a4b8db74264a1b55dee744cb3f1779fba241c6407d4c0e1a1e1d3be345bf6d1598e209c40b9ea3aa610380f512ead758bd517534b

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YCVA29HH.txt
    MD5

    08e2d651ed5e2f175166c7cd187a14ad

    SHA1

    111a0d5e54b1d93a288c316d5c4d47253b5ae654

    SHA256

    ecfcbe4c59507fb04041ab7e75bddfcb7fc56a62056ea9b5d551eade4b44a8bc

    SHA512

    c4e1f51e6ab3f5799b76285ba7cd48320b0aaecbfe38d26185ec86e92b11cba825db4110fc79bce6063fcd0d62a093964486a5bc0740400b4faad6ff634b51fe

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZVCD2J3O.txt
    MD5

    25db2ae1dbd5f8675e74f1efd19d1f4f

    SHA1

    dc4d0f2b4099c19fee5baba6c00747cb7a329e03

    SHA256

    cb8c410410b536933218418c64d4609b99ad07e3d639c66c869cf11fd197c2d8

    SHA512

    aeb7d3792f9b28539221421c4cfe4f8a0869b819212d7a44a265c6b817e85416a5e069ffe6ac7da881e6e10e0c5da5fc055dfa0959dd5e3eb07b35c66b464e6d

    Download Submit
  • memory/968-59-0x0000000000000000-mapping.dmp
    Download
  • memory/1516-58-0x0000000000000000-mapping.dmp
    Download
  • memory/1652-55-0x0000000076431000-0x0000000076433000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1928-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1928-57-0x000007FEFBB21000-0x000007FEFBB23000-memory.dmp
    Filesize

    8KB

    Download