Overview

overview

3

Static

static

3

open and c...zu.pdf

windows7_x64

1

open and c...zu.pdf

windows10_x64

1

Analysis

  • max time kernel
    121s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    03-11-2021 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    open and click Sie wollen nur einen wi nzigen Teil Ihrer Aufmerksamkeit Ich we iß, dass Mädchen zu.pdf

  • Size

    175KB

  • MD5

    6f52914e4cb9cd595ac615bbf0526e35

  • SHA1

    d80f53e78928cae259a5f16a5bf49bac799a24b0

  • SHA256

    768f5d0a396704891e544e3474b22ca2fcd96daa85cd9bd134299e202216a68c

  • SHA512

    09d4b74e85a250b7bab999c3208601b1795339b58361030142d0ee78731bc2dedf81a8f7dcd40dadcd5e9c7dd68f1f07099b5278f28b72d4fd47c34f78457dad

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\open and click Sie wollen nur einen wi nzigen Teil Ihrer Aufmerksamkeit Ich we iß, dass Mädchen zu.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
        PID:2228
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        2⤵
          PID:1012
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          2⤵
            PID:1040
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
            2⤵
              PID:4068
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
              2⤵
                PID:612
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                2⤵
                  PID:968

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/612-119-0x0000000000000000-mapping.dmp
                Download
              • memory/968-120-0x0000000000000000-mapping.dmp
                Download
              • memory/1012-116-0x0000000000000000-mapping.dmp
                Download
              • memory/1040-117-0x0000000000000000-mapping.dmp
                Download
              • memory/2228-115-0x0000000000000000-mapping.dmp
                Download
              • memory/4068-118-0x0000000000000000-mapping.dmp
                Download