Overview

overview

3

Static

static

3

phish.pdf

windows7_x64

1

phish.pdf

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    03-01-2022 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    phish.pdf

  • Size

    83KB

  • MD5

    d70260fbc59fd01ee84707ab160229d3

  • SHA1

    42a8e2f459547577bc7f9bdb96cdbdc11b970bc2

  • SHA256

    ac182261ed6c464c2547a87888adc7c0997e430af8c9e37a5fb4b321809f4fd2

  • SHA512

    7217967f367d82d32ccd200496da0dad80c10b6780023fbc5c6c98269e0f11836ef0f69498aefc1c3b97f580d8ca7c593b901b184d5a329ee3b80a664db68ff8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\phish.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://feedproxy.google.com/~r/Xvkpad/~3/u-9XGpgKpwY/uplcv?utm_term=michigan+sos+make+appointment
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275472 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:2110475 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    4780ba52be26a78a4e4b980dfcad2b18

    SHA1

    8f9ade289ee9585250d2f223fd4815b96f2476f9

    SHA256

    0e670a79661f9b6268185fe3f9b1d7209575e7264eea4a2f0d66634b7c358166

    SHA512

    8e555c3a5dde31e826c7a3c1bf35ad2d4216cebaef7332bac79abbce12525ee04bd70c0ada7262e253469da50528d5685da550cca63ca76e376cc83c9fe1f0dd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\283D0E9BFCCC89E52EDAA44F1E88D42C
    MD5

    023324d34180eb5de8ed1941f09398cd

    SHA1

    b1e5c2135142e57d806f5c3b9c6fa717392e492f

    SHA256

    00a83e96ff19ddb93fad5cc2ed382443258bb0386d7929adcdcbc2d88ea1de92

    SHA512

    3386a6dcbb5983354ce3f8b624ea70c06a8986c486feba3b4f78b480ad1d14f5afb3940d568f566e6809e788eb90fa85b0491c8ae9d249cb8720101e808c69d9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E45DF994640A999C36F03CEA75AD685
    MD5

    27dd2c6201a829b0fd8b6b5b28ddb919

    SHA1

    4df60f9c79591a54ab9fa1e357fc77e93888bf37

    SHA256

    03d7471f941ab9afda08696aa0108a5b0d39d8251ddd96425afac8a7fadaf5d5

    SHA512

    08406e6fc57bd172db69243abbced17320552f5182d0a2c3a1fcdae3a3938ad19f6c066f0570edaaa7a1ae8d4473deffeb8c048468e01bc58d01bf4922b17e98

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9641559E442FE3E0D68934A8083C5D76
    MD5

    d931ad340e17932586eb0c54adc7bf2f

    SHA1

    b954c9f931751315c4c9e9284e6aba52883d8623

    SHA256

    adc3c944c456a8195c87a92a12950dd28f7cfaac3884d30121be5e22a72a5391

    SHA512

    e993928f69b6aba7d4ee65cd5e2d70047fa9f0541ba490f94b36e6a0ca1d33517c017583611986323f851551caf4c9a525abeeff641ea0822dc369b2ec33315c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDBE7F91D99959FAB417AF8D77A1A257
    MD5

    1d95b817b8068bf9aa44c5af6b3d951b

    SHA1

    55e3baee27394a3b5954be0411e8ba047bc75f61

    SHA256

    4c40c068abf12bbd4e0d070f0098e8d9529f85b67cb5f90b35bdd91e422d5b15

    SHA512

    cf1dfb9103cd2357bc608de617017846226956645e0d4163dcd4fff3f28121793be09b8957ff4f578d812cee1b7e8c3a30b3d65d84eb1cf11ad2d7e221134f6d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    237469d6d52d9b69ed72a6ac4ba9b220

    SHA1

    399559beb6524f721c4f08ed03c4fd1ee6799fd3

    SHA256

    f3d80d057fb391f8c9a4fc43a6622a033be451e5f4954bd5f0b0ff226647ebdc

    SHA512

    291a4e401822c59fe355d4b47c6ceb0269489bae3b3dad12d36e077ba1cedae8cece7191051166c9ac879db16b4ef77c4752de7e7733334914d21804e72f4f58

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    b266492ec865e5b49a0d4f2e7c0387bc

    SHA1

    ba0df68e55a6457e0142c92e7c5a67e75b6384a1

    SHA256

    ab2a97233a5107745b693c94276c7854fe98333b58350cc96d869083c7debebe

    SHA512

    11101d8de3b74e6d57fb5ba33ef41d420c8635ac899489ec51620fde82245f562d0045badcd4da9007b81926b0e5ea0d7cb4cf44746e0eb64e3df3609fc63638

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\283D0E9BFCCC89E52EDAA44F1E88D42C
    MD5

    7847313eb203782158c18f689f20834e

    SHA1

    1372396c13a03477ab2ff76d75e02a993dd96418

    SHA256

    a9903d8725ca35190ae4486c61f1e77d9d18fb75d24d6357719afe108a5998bd

    SHA512

    b77cee4e8a9a6a42db14e21ca5b5b8f6d3013fac60bcf555a45cc5913856a04d32e6e640d787038c147392d5e37a8f7b1c304e536bcb2ce66c92c81f6aea067f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E45DF994640A999C36F03CEA75AD685
    MD5

    7448775d84d5a7799a1d3b757b2bcdfd

    SHA1

    c2307d1b0628385cb9c7b729bc3273bd92003d67

    SHA256

    d0d769438639f7784e414fbbecaaee9fbad19a278bbbea77332cb1a3b872673b

    SHA512

    36efc1e407f2aa436584c6864c1ea1b1e40afbe2347a8f214d13a5ddf2975b0d680f7612d8e0e7cb5c67845ec42d75120bf36be67cc5ac532f304e887f920a80

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    de92ee5e387f4eaae73e9b262d7ca9b8

    SHA1

    f3f870b8ead9311d868f4749447308c4e7c31454

    SHA256

    24b4f8f43250b6d0a2bb831f312bfb74198a3ec83ea6de1c7ce636a78b5de88b

    SHA512

    041736732a14054ba6742f88335542fcd53d725ff791a7faabe5114197177d480578d695dcfc8678c5f4cce033a3dc4940a8e596ee1cbe2a6993f6f7f2c29fe5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    b0a36ca1f435d88fc714fa7e8373a25e

    SHA1

    f9c1a94955f5ce2178f7c719f7f72e8a3ea818bb

    SHA256

    37a87e03ab90ee267696a65fb71503d5ccd3a3f871ef152291801cfdb11fe726

    SHA512

    c3e56089640379d62ef736e99a8b44f83251678fb6f59d12297044dcde50ab43270024431c15800dd7f54f6712c4e797273432a4696e497ce3c88df2b3c04ceb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    eafa88aaf22ba7f2dfc7126cb405724d

    SHA1

    0a18836feab316785456976ea8e3a34c7339f85f

    SHA256

    12b5f280961dbc4e003b89c405ef40ad7a3e67b91630c78966bd39f25cbaa952

    SHA512

    5bffb469a296a70c4d16c718c1cd37f160339a05196644fac09b7ea4c29ce760df8e1d8180edbda826ff45842b96ed4a2783cf7f8f8c6084a6d11d4cdd986a57

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    c96443ec7ea08aaaba8d06a29ce98431

    SHA1

    ba5de628b25a6ed930c9aecf893d7a557e40f6c9

    SHA256

    2408c391fad5bedbffc347d3ab28d6e95e8121f4d5a0912ab38a1eb9d4d81907

    SHA512

    3c37edaeb68523a471e2b16f9f1fc673d1f6731707e6a124d3e7dd56f01260786cb333a3ab37933974decf6de9a00a2bd08f7bbc6bfcf7f61fbeb35f025a940f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    ee9cbd5b8b2d05c2fe43af97df1e18bb

    SHA1

    5999b26e1893be0083e04b5748b04268a0874fd8

    SHA256

    ffa82690488737c468bbd8d30a94522a2a176af2194160e7b1967be732e061ee

    SHA512

    e7bf02ceee6eafeefa771b18bd83ec4065c7b15f989eaed9fd6e65da977f230883e5992cb48e1e22612da9cb3bbe98181802a2f0058cdc4dee2bc20a3c1f4300

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9641559E442FE3E0D68934A8083C5D76
    MD5

    a6dd9be085af6532ad283ed1e595cfd8

    SHA1

    41bfbd85b064227bc6279ef299bef3c950e71801

    SHA256

    3de274fed93a95c1fa3f703d1737ff0dba652a6d8759e920064ce0b1ab69d2f5

    SHA512

    a5e916ea98f25208e82d5b8bd4ae939120a8b0d23f1c69a3aa479c38af27562bbd1e58b5e1092e071f7c87d519c74c3e06cc671c989ca3251720a8084056d50d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDBE7F91D99959FAB417AF8D77A1A257
    MD5

    bd6e1fb8d796ab1903fd99f115a21e80

    SHA1

    5cf7dde8b7dbe045efd9e26a2a74a1ae5a76d1ca

    SHA256

    6c2e23771a46002870a28989a50e2c6a7afde088764c22b87f32c0cfdd18ceee

    SHA512

    719a2b7b3f633cc77dc6162f4695fd2b1604f9fdf4d88d5d539031f7352d40aa8c29530faa9f81051f2c190a682f9829171f42286ca7c18a281cff0eb2c75bc0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7ELYB8ZW\ruleofyourprofit[1].xml
    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VSJJWE3\uplcv[1].htm
    MD5

    b3ca2ea388115cc7a8d78a896f1ca10d

    SHA1

    bce171863ddfd0d077e7261d39cfe296a3aec391

    SHA256

    f79b7556c06a9fc7cb44f010fe18387384a2b6f05a4a5ab425b36e8bbd291c42

    SHA512

    633f670da79c5642213dfeb74ca44ddb550d05e4b1048e0ad8e33098b412b4afab86becdc0b4533da103594a5907c03b680804d38caaa97079c8f9c5e7862204

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34ZL0Q4Z\frame[1].htm
    MD5

    086707e4369f60afedcafb16050a7618

    SHA1

    8216b0cc6876cbd44f01c158e7dff3833ceccd41

    SHA256

    a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

    SHA512

    aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34ZL0Q4Z\uplcv[1].htm
    MD5

    b3ca2ea388115cc7a8d78a896f1ca10d

    SHA1

    bce171863ddfd0d077e7261d39cfe296a3aec391

    SHA256

    f79b7556c06a9fc7cb44f010fe18387384a2b6f05a4a5ab425b36e8bbd291c42

    SHA512

    633f670da79c5642213dfeb74ca44ddb550d05e4b1048e0ad8e33098b412b4afab86becdc0b4533da103594a5907c03b680804d38caaa97079c8f9c5e7862204

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UFND3CH\jquery.min[1].js
    MD5

    c9f5aeeca3ad37bf2aa006139b935f0a

    SHA1

    1055018c28ab41087ef9ccefe411606893dabea2

    SHA256

    87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

    SHA512

    dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K979K94M.txt
    MD5

    046987e257964f5436403b1be329c411

    SHA1

    95845defc46b211f33ae264970dc490f38600a41

    SHA256

    3c0af5fda0254cc21a214fc84d71cafe43c4bb0c1ed75c47644b5a31aa426e39

    SHA512

    9e9103941e2006c24a7098e40566760c197c3ae72a15da91faef38da43edeac9aea6d000e1cadda004a33894c288fc2786bcefdeac1c7b9ce7ff542ac046d7dd

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OMC3HQMX.txt
    MD5

    78744fb888ec3098a871187eb115439d

    SHA1

    8f766c0f2aeb75d481b64d53de444c200752268e

    SHA256

    a465e8f76950478854357e446ae4f30bd82465d8dcb1474d14ff4b472a794cd8

    SHA512

    9b62a478786539693cf44296c85883e9a05eeb71a5d5f707e2bf57b3d149676521dc85342c199e8104e0771ca0de352d876cd50858b2bc7b5264f44020ac591c

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W0THA2Y6.txt
    MD5

    f76bd7605ba0418367383c0e7e252b54

    SHA1

    26057cdc3d34223030ec4176717cda2de18d9583

    SHA256

    1c49b6e91b62f31bfad7a68b23536c55bb332d2fc897c4bddba93c25df68906c

    SHA512

    cd66767a7113f6a0c08e69231cb5a5e0ff38ab59a77207fae5af0149697705235133322d3954e2159b40111ff07cc60b25d40b615bc422a458c1ef04e001910c

    Download Submit
  • memory/392-64-0x0000000000000000-mapping.dmp
    Download
  • memory/560-54-0x0000000000000000-mapping.dmp
    Download
  • memory/676-55-0x0000000000000000-mapping.dmp
    Download
  • memory/700-56-0x0000000000000000-mapping.dmp
    Download
  • memory/944-53-0x0000000076911000-0x0000000076913000-memory.dmp
    Filesize

    8KB

    Download