Overview

overview

3

Static

static

3

dexogusufo.pdf

windows7_x64

1

dexogusufo.pdf

windows10_x64

1

Resubmissions

17-12-2021 11:43

211217-nvvnlsdeh6 3

17-12-2021 11:37

211217-nrhjwadeh5 3

Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    17-12-2021 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dexogusufo.pdf

  • Size

    77KB

  • MD5

    288308d9e669c4e3ca3bfd33f7c8e528

  • SHA1

    7e23d877a6ee9eb2a348ea0743b752965fd51147

  • SHA256

    bd514ae94b3f8c698c61477b275e5f8e96e52defcbe7ea1521fb9582c551da25

  • SHA512

    d66ac1721d63ff3785d7bfe63f5b7adeda5c426b34e4e14b574bda5a000da71fccc2bfa051d6a13a2ee24cb9f41dd5a29e049bd1add86c6fa1c460a152731616

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dexogusufo.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:600
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://feedproxy.google.com/~r/Uplcv/~3/BvfzZFkJO3s/uplcv?utm_term=mnemonic+for+11+organ+systems
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1004

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    8380811e4c3ec3e433cc115b000156fb

    SHA1

    51c93d79901f95a8f76c15ebb46c71ac239aa632

    SHA256

    8bd87e4ab0854f9d8984b2deb26cb57b9ad634eecaf7d89dc4ae7467a0fa4585

    SHA512

    033a1463c68979e65851f040ec00df912a9529c9b2c369691ff48f2416f78a3e739339e08a9baf3129496d30ef1f5fd0eebc5604166871c51e685c92b1709ac0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\o5rwqiw\imagestore.dat
    MD5

    1fbd4935bc5b7e2fb00d176aee1d89bc

    SHA1

    3c9688c3c55af9eaf1865377716eca3355cbb83c

    SHA256

    cda1415b0fe8465f75fda365c7f714a26d56b18baec55786bb9ecc79b31c0cdf

    SHA512

    2f3cc2f5a779b582afc4c5313b69cc7fdff487606e187e9080be69c02ee6d9cc780266f20ec243892e172e47fe5ef7c641a2fbbe6907f80c7ae3a3b2da79cccd

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MYH2HQHG.txt
    MD5

    4df02beee37c3e581048b6baae7187c9

    SHA1

    81b71a6b0b3fc5b6b525a1586e08ee4f4e78271f

    SHA256

    d194731c31d8003531e9b1b48b732e9b90d13ba69f237b40bae1f6187c7acfa3

    SHA512

    cdba158a4d321c51d7b89b565c9ef09b16079eb4819966dd3139a1d8adbb9d3b2ee6a2d7968fc3bbebf35857bb7fd257678e1d31e0ae3da2066cfa39c2724cba

    Download Submit
  • memory/600-54-0x0000000076151000-0x0000000076153000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1004-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1548-55-0x0000000000000000-mapping.dmp
    Download
  • memory/1548-56-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp
    Filesize

    8KB

    Download