Overview

overview

3

Static

static

3

69750ebdc5...cc.pdf

windows7_x64

1

69750ebdc5...cc.pdf

windows10_x64

1

Analysis

  • max time kernel
    119s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    06-01-2022 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69750ebdc5ef1da9ec91ef594fc966cc.pdf

  • Size

    60KB

  • MD5

    69750ebdc5ef1da9ec91ef594fc966cc

  • SHA1

    f4338e01d2ebbde8ee2e784f9034157b92352afa

  • SHA256

    1878d91f418b3af2aafacb1c46dd408779cb9ecdd978290f2cd9993548368e10

  • SHA512

    c73b3d67e01aba49c9acaf0d39a0ccd79a681bf209534d257970262d0c3cfe04f5f2453a894ed7feeed060e68ae49b44ec8bd94dc5fffabc0d5e54c7d6269482

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\69750ebdc5ef1da9ec91ef594fc966cc.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://onedrive.live.com/download?cid=1AC0D6C8F26E34EE&resid=1AC0D6C8F26E34EE%21570&authkey=AFOqk0TvLVs1mHI
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    d0ae14b5c2e12f3e39dcae0f8c346bd6

    SHA1

    d3f81e7e32640c38a2edc13c8e31458f8786e565

    SHA256

    a2d1c29cb542d68b3813bfa93eece2d55ac12f3e9b744a1296d61fbbf57f3817

    SHA512

    1b7cf7900066f30dfd72de3d761dc20326b160a791e20df07358cc379917d48e3291cd2ac1f85cc72894c315f7dd8b24ff55735454da82d096866c055c1c62e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    bbfc3d85f496b6878cf737238864961f

    SHA1

    0ad59c22e72ed7b76d0608f17e979eb99d4c3a1e

    SHA256

    67a039535754b605d549d7e782710e7deb22788cc4670b9906ee13de920d485b

    SHA512

    a98bc4d06f4ce468fee9e6bf5e750aaffd0ef0f26425d3205ed414cd3df1224f95f198980a430721272400c7923f123eafef6409ff9665b605d9827895a6e289

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    bb4ba33703e72f78fd5cd8a6a904d6e9

    SHA1

    063c1289b506d7c995cdd55fee6ea0c1259e3028

    SHA256

    a36ba75fe633241715859fb090f532f56e9b587965c0205c4034725f2ff23b82

    SHA512

    7746c414a4cd6102f49992685b836ec67a7eed73f8c459eb4565bfa5d11b412a9568bb3b8d5c7473ea4c09a4a0fd282965eeecc03a12eb7d562e131a8e85ab64

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1Q0FWJQ2.txt
    MD5

    a69236ceb5410f785c582fdf64b61969

    SHA1

    abc50943eba3070e029905110828b3348a108104

    SHA256

    b621e336e0233844662196902fb68c9e54fc3889c037b65eae9ff466b7c7bc69

    SHA512

    6318b1b80ef09df99f447e613c1007b64af43fe4598176e412d6f8f3f37f575ac5ceeffdcbb69a2f6326f8d824f663d6c325d75acc6261d8172cc7c03f641722

    Download Submit
  • memory/1060-55-0x0000000000000000-mapping.dmp
    Download
  • memory/1060-56-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1060-58-0x0000000002C70000-0x0000000002C71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1592-54-0x0000000076151000-0x0000000076153000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1868-57-0x0000000000000000-mapping.dmp
    Download