Analysis

  • max time kernel: 123s
  • max time network: 145s
  • platform: windows7_x64
  • resource: win7-en-20211014
  • submitted: 23-11-2021 23:55

General

  • Target: bd9d38ee53e6e4992bbd4c2ead2fa5ecd948912d5fefc02ad1ab05fc923c2371.pdf.000.pdf
  • Size: 70KB
  • MD5: 35603fa519d36f95d965e4c298635373
  • SHA1: a1a7e1fada146dbe66ee141cf83dab1f78a94c3a
  • SHA256: bd9d38ee53e6e4992bbd4c2ead2fa5ecd948912d5fefc02ad1ab05fc923c2371
  • SHA512: 0bd236f8febeac719c5b1f2ba9c7a1305e40fedba7c06463cfbe0e6c35e3f28f7b1b0394f47c51c0cbe335dc12ba6be44e4c51d198b07f0b8a8a6cefdf96f446

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID: 1600)
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bd9d38ee53e6e4992bbd4c2ead2fa5ecd948912d5fefc02ad1ab05fc923c2371.pdf.000.pdf"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Internet Explorer\iexplore.exe (PID: 1532)
      "C:\Program Files\Internet Explorer\iexplore.exe" https://feedproxy.google.com/~r/skout/mBVl/~3/1KS0DP0cxss/uplcv?utm_term=jordan+peterson+book+12+rules+for+life+pdf
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID: 588)
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5: acaeda60c79c6bcac925eeb3653f45e0
    SHA1: 2aaae490bcdaccc6172240ff1697753b37ac5578
    SHA256: 6b0ceccf0103afd89844761417c1d23acc41f8aebf3b7230765209b61eee5658
    SHA512: feaa6e7ed7dda1583739b3e531ab5c562a222ee6ecd042690ae7dcff966717c6e968469a7797265a11f6e899479ae0f3031e8cf5bebe1492d5205e9c59690900

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: 0e1bd44c93e5fd009bd81b71a5bdb376
    SHA1: 164ee78ad6c6d05d01a12fbd096056a9a55864b3
    SHA256: 2de33d5a5239d6c59e3eb568ed9423e23a288eb1135878b415cdadc0e9fa7fb0
    SHA512: e0efcf21ecda2bd2ba34fffbd90e8340aca87e17b529d5f3717206da64531c4f347b7497d5d95f01aee066ed3bfe35cc690f396e2f17e6ceada251bc8ae6fc26

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\03AG2NCN.txt
    MD5: 7e5da8e1bd7706b93ae10717cdfae0b9
    SHA1: 0491733dd62267d153134094c54b43746e4350d3
    SHA256: 8f388ee999215e88e41ed3b2aabc76d431f80193ce923d124472903d8308014f
    SHA512: baf2ad55462ea789bb7e06c7172475f225f626fa30196b09a153a9b441d86214361c39fc6ef66c88f3fef1c8b68ff1c5b7da1d2199400ba2866521d738e16e6c

  • memory/588-58-0x0000000000000000-mapping.dmp
  • memory/1532-56-0x0000000000000000-mapping.dmp
  • memory/1532-57-0x000007FEFBD11000-0x000007FEFBD13000-memory.dmp (Filesize: 8KB)
  • memory/1600-55-0x00000000754A1000-0x00000000754A3000-memory.dmp (Filesize: 8KB)