Analysis

  • max time kernel
    131s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    04-11-2021 17:23

General

  • Target

    BENACHRICHTIGUNG.pdf

  • Size

    290KB

  • MD5

    959cf4eec5cd592451a2781c2900024d

  • SHA1

    7928aa6949dff4be490063ef90aae420e5c1fc85

  • SHA256

    c860fcef8f39a72edda89b0903dccda09608b08697f31766df7f97e5eeb0f42f

  • SHA512

    abc1cf4a46e2523877e1d5c6e7b7967db0c4ffd494721e9934ebe1c6ddc00749bc23f303958b08b1e4819ff2fb400de04bfd450b808be6a39b9cfc001f654594

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BENACHRICHTIGUNG.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.de/imgres?q=logos+fuer+anwaelte&start=516&hl=de&biw=1366&bih=587&tbm=isch&tbnid=Mfe9cUog0MkXbM:&imgrefurl=http://www.anwalt-seiten.de/anwaelte_rechtsanwalt_Dortmund_7943.html&docid=-ttHk0GWYQqc1M&imgurl=http://kundenportal.anwalt-seiten.de/sites/default/files/photos/V%252526P%252520Logo.JPG&w=163&h=188&ei=yBh1UaGkMtGxhAednoCQBw&zoom=1&iact=hc&vpx=124&vpy=154&dur=7956&hovh=150&hovw=130&tx=98&ty=77&page=22&tbnh=142&tbnw=123&ndsp=27&ved=1t:429,r:23,s:500,i:73
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:852 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1540
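The one externally significant action in the process tree is AcroRd32.exe handing a URL to iexplore.exe. That URL is a Google image-search redirect, so the host the victim would end up on is not google.de but whatever is carried in its imgrefurl and imgurl parameters, and the imgurl value is percent-encoded three times over. The script below is an added triage example, not part of the sandbox report or its tooling: it takes the exact command-line URL from the report, unwraps the embedded targets, decodes them until the string stops changing, and lists every host the browser would contact. The parameter names it inspects (imgrefurl, imgurl) are the ones visible in the report; nothing else is assumed.

```python
"""Unwrap a Google imgres redirect and report every host the browser
would actually touch.  Added example for this sandbox report; the URL
below is copied verbatim from the iexplore.exe command line in the
process tree."""
from urllib.parse import parse_qs, unquote, urlsplit

# Exactly the argument passed to iexplore.exe in the report (PID 852).
LAUNCHED_URL = (
    "http://www.google.de/imgres?q=logos+fuer+anwaelte&start=516&hl=de"
    "&biw=1366&bih=587&tbm=isch&tbnid=Mfe9cUog0MkXbM:"
    "&imgrefurl=http://www.anwalt-seiten.de/anwaelte_rechtsanwalt_Dortmund_7943.html"
    "&docid=-ttHk0GWYQqc1M"
    "&imgurl=http://kundenportal.anwalt-seiten.de/sites/default/files/photos/"
    "V%252526P%252520Logo.JPG"
    "&w=163&h=188&ei=yBh1UaGkMtGxhAednoCQBw&zoom=1&iact=hc&vpx=124&vpy=154"
    "&dur=7956&hovh=150&hovw=130&tx=98&ty=77&page=22&tbnh=142&tbnw=123&ndsp=27"
    "&ved=1t:429,r:23,s:500,i:73"
)

# Query parameters on an imgres redirect that carry a destination URL.
# Both names appear in the report's URL; no other parameters are assumed.
EMBEDDED_URL_PARAMS = ("imgrefurl", "imgurl")


def fully_decode(value: str, max_rounds: int = 8) -> str:
    """Percent-decode until the string stops changing.

    Multiply-encoded values (%2525 -> %25 -> literal) survive a single
    decode pass and are easy to misread in a report, so keep going until
    a pass is a no-op.  max_rounds bounds pathological input."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def embedded_urls(url: str) -> dict[str, str]:
    """Return {param: fully decoded destination} for each redirect parameter.

    parse_qs already performs one decode round; fully_decode handles the
    remaining layers."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    found = {}
    for name in EMBEDDED_URL_PARAMS:
        for raw in params.get(name, []):
            found[name] = fully_decode(raw)
    return found


def contacted_hosts(url: str) -> list[str]:
    """Hosts the browser would reach: the redirector itself plus every
    destination it carries.  Sorted so the output is stable for diffing
    against a blocklist or a previous run."""
    hosts = {urlsplit(url).hostname}
    for target in embedded_urls(url).values():
        host = urlsplit(target).hostname
        if host:
            hosts.add(host)
    return sorted(h for h in hosts if h)


if __name__ == "__main__":
    for name, target in embedded_urls(LAUNCHED_URL).items():
        print(f"{name:10s} {target}")
    print("hosts:", ", ".join(contacted_hosts(LAUNCHED_URL)))
```

Run stand-alone, it prints the two destination URLs with the image filename decoded to its literal form and the three hosts involved (www.google.de plus the two anwalt-seiten.de hosts). Those are the indicators worth checking against proxy logs or a reputation source, rather than the google.de front that the process tree shows at first glance.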

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112) - 1 signature

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat
    MD5

    94dc982ab1378ee227ea7ce625cf8eba

    SHA1

    10e76645bb8275a8071f4fe5668fb7cda653eb4c

    SHA256

    f2e0a1b671be15b273f4e432fca3c8b158ab2c271a13c2b2f54417368c637884

    SHA512

    95224858f1034287dedbc08bc3e9493eea724423b30236e2989682a384a2ce77eaa8bc9abeb4e6a15fd3e397cb6d7845981914f4c294ea14e4d8b69de302968a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2HUJBXJG.txt
    MD5

    4b7aa0f21ec59fb5a999f44b965bc044

    SHA1

    69f3c5e3485c87ac8bfe48d66dd76559f5b1b1e7

    SHA256

    1f1bc8335e25cdc6d10aace466cdb3b73c34f39a5dd45103b9442a3e9c164e70

    SHA512

    956f8c88b1ca3517d7a5699983675ef7f3d3ece90bd37af35844c6e02f93b63478b3e979b538a4718b633565353bf2bb5551279544e46060bf59fde3874b23a2

  • memory/852-56-0x0000000000000000-mapping.dmp
  • memory/852-57-0x000007FEFC371000-0x000007FEFC373000-memory.dmp
    Filesize

    8KB

  • memory/1540-58-0x0000000000000000-mapping.dmp
  • memory/1544-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp
    Filesize

    8KB